Ok, I see what's going on. If I have this conf: options { dir_perm(0755); perm(0644); chain_hostnames(no); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (yes); use_fqdn (no); dns_cache (yes); create_dirs (yes); keep_hostname(yes); }; source local { unix-dgram("/dev/log"); internal(); }; source s_udpmessages { udp(ip(0.0.0.0) port(514)); }; log { source(s_udpmessages); destination(d_mysql); }; *destinations removed* filter f_c4s1 { host("civic4south1"); }; log { source(s_udpmessages); filter(f_c4s1); destination(civic); }; log { source(s_udpmessages); destination(unsorted); flags(final, fallback); }; What I want to do is all messages that do not fit the host specified in filter f_c4s1 (or any other filter/log commands I put in) to be placed into the destination (unsorted) file. However my pipe to destination (my_sql) seems to be stopping that. How do I fix that so I can still log to My_Sql and my destination files without having to write rules for every item I'm logging? Thanks, JonM -----Original Message----- From: Balazs Scheidler [mailto:bazsi@balabit.hu] Sent: Thursday, February 19, 2004 1:12 AM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Is my default location broken? 2004-02-18, sze keltezéssel 19:40-kor Madziarczyk, Jonathan ezt írta:

I just migrated to a new box for syslog-ng and I'm trying to get the "default" location to work for messages that don't meet any of my rules yet.

I've sent multiple syslog messages to the box but they don't seem to be showing up. Any ideas? I do know that the "rules" messages are working so udp is binding.

Thanks, JonM

options { dir_perm(0755); perm(0644); chain_hostnames(no); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (yes); use_fqdn (no); dns_cache (yes); create_dirs (yes); keep_hostname(yes); };

source local { unix-dgram("/dev/log"); internal(); };

source s_udpmessages { udp(ip(0.0.0.0) port(514)); };

destination unsorted { file("/logs/unsorted.log" perm(0777)); }; log { source(s_udpmessages); destination(unsorted); flags(final, fallback); };

what are those 'rules' messages you are referring to? try stracing the syslog-ng process to see whether it actually receives messages. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html