RE: [syslog-ng]UDP syslog not being logged by syslog-ng
Glad you figured it out.

Drew

-----Original Message-----
From: Moxey, Joel, CND Tech Dev, VF UK [mailto:Joel.Moxey@gb.vodafone.co.uk]
Sent: Wednesday, January 29, 2003 1:11 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]UDP syslog not being logged by syslog-ng

Drew,

Thanks for your help. It was me being stupid! It's the Red Hat firewall stopping it working!

Joel

-----Original Message-----
From: Hamilton, Andrew [mailto:Andrew.Hamilton@afccc.af.mil]
Sent: 29 January 2003 5:14 pm
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]UDP syslog not being logged by syslog-ng

Joel,

I'm not sure this will really make a difference and it may just be a typo in the message, but in the filters you have authprov which should be authpriv, I believe. You could also try logging just source, destination and not use any filters to see what you are getting.

Regards,

Drew

-----Original Message-----
From: Moxey, Joel, CND Tech Dev, VF UK [mailto:Joel.Moxey@gb.vodafone.co.uk]
Sent: Wednesday, January 29, 2003 12:02 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]UDP syslog not being logged by syslog-ng

They are in the local log files either. I tried changing the parameter to yes and still no success.

Thanks for the ideas so far...

Joel

-----Original Message-----
From: Hamilton, Andrew [mailto:Andrew.Hamilton@afccc.af.mil]
Sent: 29 January 2003 2:23 pm
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]UDP syslog not being logged by syslog-ng

Did you check the log file for the log server host? You have keep_hostname(no) so I think that the machine will log as from the local log server. Check to see if they are in the local host log file.

Regards,

Drew

-----Original Message-----
From: Moxey, Joel, CND Tech Dev, VF UK [mailto:Joel.Moxey@gb.vodafone.co.uk]
Sent: Wednesday, January 29, 2003 9:08 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]UDP syslog not being logged by syslog-ng

Hi!
I'm having some problems getting remote hosts to log as desired to a log server. I'm using version 1.4.17 on Red Hat with the following config:

#Start
options {
    sync(0);
    log_fifo_size(1000);
    use_dns(no);
    use_fqdn(no);
    create_dirs(no);
    keep_hostname(no);
};

source s_all {
    pipe("/proc/kmsg");
    unix-stream("/dev/log");
    udp(localip(A.B.C.D) localport(514));
    internal();
};

destination d_notauth { file("/systems/$HOST/messages" perm(0644)); };
destination d_auth { file("/systems/$HOST/authmsg"); };

filter f_notauth { not facility(auth, authprov); };
filter f_auth { facility(auth, authprov); };

log { source(s_all); filter(f_notauth); destination(d_notauth) };
log { source(s_all); filter(f_auth); destination(d_auth) };
#End

I have created appropriate directories for each remote host, and each host has an entry in the /etc/hosts file.

Using logger, I have confirmed the config works as desired for the log server. However, using logger on remote hosts (I've tried Solaris and Red Hat), I can not seem to get the message written to file. I have confirmed using tcpdump that the messages reach the log server, and can see by netstat that the UDP socket is open.

I thought it might be because of the $HOST part, but also tried using destinations without this to no success.

Any suggestions to what my problem might be?
Thanks for any help,

Joel

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
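Added example, not part of the thread: tcpdump captures inbound packets before the host firewall filters them, so the symptom above (visible in tcpdump, socket open in netstat, nothing logged) is only settled by checking whether a datagram reaches a bound UDP socket. This Python 3 probe does that and decodes the syslog priority so the facility (for example authpriv) can be confirmed; all function names are hypothetical.

```python
import re
import socket
import sys

# Standard syslog codes: PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.S)

def facility_name(code):
    if code < len(FACILITIES):
        return FACILITIES[code]
    return f"local{code - 16}" if 16 <= code <= 23 else f"facility{code}"

def decode(datagram):
    """Split a BSD-syslog datagram into (facility, severity, text)."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return ("unknown", "unknown", datagram.decode("ascii", "replace"))
    pri = int(m.group(1))
    text = m.group(2).decode("ascii", "replace").strip()
    return (facility_name(pri >> 3), SEVERITIES[pri & 7], text)

def open_listener(ip, port):
    """Bind the UDP socket the syslog daemon would normally own."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((ip, port))
    return sock

def receive_one(sock, timeout):
    """Return (sender_ip, facility, severity, text), or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, peer = sock.recvfrom(2048)
    except socket.timeout:
        return None  # nothing reached the socket, whatever tcpdump showed
    return (peer[0],) + decode(data)

def send_test(ip, port, facility, severity, text):
    """Send one test message, as logger would from a remote host."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(f"<{pri}>probe: {text}".encode("ascii"), (ip, port))

if __name__ == "__main__":
    # Run on the log server with syslog-ng stopped: probe.py <listen-ip> <port>
    # (binding port 514 needs root), then run logger on a remote host.
    listener = open_listener(sys.argv[1], int(sys.argv[2]))
    print(receive_one(listener, 30.0) or "timeout: dropped before the socket")
```

A timeout while tcpdump still shows the packets arriving means they are being dropped between the capture point and the socket, which is where the host firewall sits.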