I have installed syslog-ng on two RedHat PCs (7.0 and 8.0). I first stopped syslogd/klogd. ran "syslog-ng -s" to verify that the syntax of my cfg file was ok and then ran syslog-ng. I even ran syslog-ng in debug mode, in the foreground. it spews a bunch of output to stdout as it parses the cfg file (i believe), but then gets silent afterwards...even as I run logger(1). Nothing ever appears in any log file! same result on both systems, so i have to assume it is something silly I am not doing right. Here is my painfully simple cfg file: source src { pipe("/proc/kmsg"); unix-stream("/dev/log"); internal(); }; destination messages { file("/var/log/messages"); }; # Log anything of level debug or higher. filter f_messages { level(debug); }; log { source(src); filter(f_messages); destination(messages); }; i tried testing this by running logger(1), which I understand writes output to /dev/log. Nothing ever appears in /var/log/messages. In fact, no files in /var/log *ever* get written. Well, actually, i am leaving something out...and it is very strange but probably a key clue: when i shutdown syslog-ng and restart syslogd/klogd, I *do* get output in /var/log/messages. A bunch of lines announcing the startup of syslogd/klogd and, at *after* those entries, a single line announcing the shutdown of syslog-ng (the *only* output I *ever* get from syslog-ng): Jan 21 21:08:48 ape syslog: syslogd startup succeeded Jan 21 21:08:48 ape kernel: klogd 1.3-3, log source = /proc/kmsg started. Jan 21 21:08:48 ape kernel: Inspecting /boot/System.map-2.2.19-7.0.1 Jan 21 21:08:48 ape syslog: klogd startup succeeded Jan 21 21:08:48 ape kernel: Loaded 7296 symbols from /boot/System.map-2.2.19-7.0.1. Jan 21 21:08:48 ape kernel: Symbols match kernel version 2.2.19. Jan 21 21:08:48 ape kernel: Loaded 409 symbols from 12 modules. Jan 21 21:08:26 ape syslog-ng: syslog-ng shutdown succeeded Notice that the timestamp of the last line is 22 seconds EARLIER THAN the timestamp of the preceeding line! No doubt 22 seconds passed between the time I stopped syslog-ng and restarted syslogd/klogd. But how/why did the syslog-ng appear *after* the syslogd/klogd startup announcements? Some strange buffering of syslog-ng output? Why isn't syslog-ng monitoring /dev/log as I asked it to? Did I ask it incorrectly? Is it writing output to somewhere I cannot see? HELP! this is making me nuts!!!