Hi I'm trying to start syslog-ng for use with splunk but get the following error and am not sure how the address is already in use. I want to configure syslog-ng so that it receives files remotely via udp. [root@lonrs00253 init.d]# service syslog-ng stop Stopping Kernel Logger: [ OK ] [root@lonrs00253 init.d]# service syslog-ng start Starting syslog-ng: Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)' Error initializing source driver; source='remote' Starting Kernel Logger: [ OK ] My syslog-ng config file is below which i've configured for splunk using the splunk forums. Cheers leena ---------------------------------------------------------------------------- ---------------------------------------------------- options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (on); use_dns (yes); use_fqdn (yes); create_dirs (yes); group (logs); dir_group (logs); perm (0640); dir_perm (0750); keep_hostname (yes); }; source s_sys { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); }; source remote { udp(); }; destination d_cons { file("/dev/console"); }; destination d_mesg { file("/var/log/messages"); }; destination d_auth { file("/var/log/secure"); }; destination d_mail { file("/var/log/maillog"); }; destination d_spol { file("/var/log/spooler"); }; destination d_boot { file("/var/log/boot.log"); }; destination d_cron { file("/var/log/cron"); }; destination d_mlal { usertty("*"); }; destination splunk { pipe("/var/log/syslog-ng/syslog_fifo"); }; destination hosts { file("/var/log/syslog-ng/hosts/$HOST/messages"); }; filter f_filter1 { facility(kern); }; filter f_filter2 { level(info) and not (facility(mail) or facility(authpriv) or facility(cron)); }; filter f_filter3 { facility(authpriv); }; filter f_filter4 { facility(mail); }; filter f_filter5 { level(emerg); }; filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); }; filter f_filter7 { facility(local7); }; filter f_filter8 { facility(cron); }; log { source(s_sys); filter(f_filter1); destination(d_cons); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_auth); }; log { source(s_sys); filter(f_filter4); destination(d_mail); }; log { source(s_sys); filter(f_filter5); destination(d_mlal); }; log { source(s_sys); filter(f_filter6); destination(d_spol); }; log { source(s_sys); filter(f_filter7); destination(d_boot); }; log { source(s_sys); filter(f_filter8); destination(d_cron); }; log { source(remote); destination(splunk); }; log { source(remote); destination(hosts); }; Regards Leena Patel | Royal Bank of Scotland Global Banking & Markets | E-Commerce | Desk: +44 (0) 207 085 0692 *********************************************************************************** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: www.rbs.com www.rbsgc.com www.rbsmarkets.com ***********************************************************************************