Hi everyone,

I have a problem with a source-file. Syslog-ng can't read my source-file. I don't know why, please help me.

This is my simple syslog-ng.conf file (Vers- 1.6.11) on my Solaris 8 (Sparc.117350-16):

    options { mark(600); sync(0); use_dns(yes); create_dirs(yes); };
    source src_tail { file("/var/log/syslog-ng/mar" ); internal(); };
    source s_local { sun-streams("/dev/log" door("/etc/.syslog_door")); };
    destination d_loghost_localhost {
        udp("10.10.10.48" port(514));
        file ("/var/log/syslog-ng/$YEAR.$MONTH.$DAY/localhost.log");
    };
    log { source(src_tail); source(s_local); destination(d_loghost_localhost) ; };

I can see on the remote central log server "10.10.10.48" that it is working with the internal messages:

    15:11:50.193397 10.10.1.36.33055 > 10.10.10.48.syslog: udp 92 (DF)
    0x0000 4500 0078 df47 4000 fd11 7ec5 0a0a 0124 E..x.G@...~....$
    0x0010 0a0a 0a30 811f 0202 0064 9f5e 3c34 353e ...0.....d.^<45>
    0x0020 4f63 7420 2034 2031 353a 3131 3a35 3020 Oct..4.15:11:50.
    0x0030 7372 635f 7461 696c 4061 7070 7331 6d6e src_tail@testhos
    0x0040 3120 7379 736c 6f67 2d6e 675b 3139 3933 t.syslog-ng[1993
    0x0050 305d                                    0]

I make a test on the local server

    #logger -p local3.info test1

and I can see the message on tcpdump on the remote server:

    15:22:58.946246 10.10.1.36.33318 > 10.10.10.48.syslog: udp 78 (DF)
    0x0000 4500 006a 014e 4000 fd11 5ccd 0a0a 0124 E..j.N@...\....$
    0x0010 0a0a 0a30 8226 0202 0056 852d 3c31 3538 ...0.&...V.-<158
    0x0020 3e4f 6374 2020 3420 3135 3a32 323a 3538 >Oct..4.15:22:58
    0x0030 2073 5f6c 6f63 616c 4061 7070 7331 6d6e .s_local@testhos
    0x0040 3120 6d61 7266 6162 6961 3a20 5b49 4420 t.marcos:.[ID.
    0x0050 3730                                    70

The local file destination is writing only the internal() messages but nothing about my file /var/log/syslog-ng/mar:

    #tail /var/log/syslog-ng/$YEAR.$MONTH.$DAY/localhost.log
    Oct 4 15:22:54 src_tail@testhost syslog-ng[23738]: syslog-ng version 1.6.11 starting
    Oct 4 15:32:54 src_tail@testhost syslog-ng[23738]: STATS: dropped 0

This test script is running

    while true; do date >>/var/log/syslog-ng/mar; sleep 5; done &

and it is writing every 5 seconds to my source file, but I can see nothing on the remote host and nothing on the local host (root@testhost# snoop -d hme0 10.10.10.48) or in the local file.

    root@testhost # ps -ef|grep syslog
    root 28281 1 0 Sep 19 ? 0:00 /usr/sbin/syslogd
    root 28310 1 1 16:09:21 ? 0:00 /usr/local/sbin/syslog-ng -f /etc/syslog-ng.conf
    root@testhost # ls -la /var/log/syslog-ng/mar
    -rwxrwxrwx 1 root other 64042 Oct 4 16:09 /var/log/syslog-ng/mar

Can you help me?

Thanks in advance,
Marcos Fabian.

PS- Also, when I include the option follow_freq(1) in the syslog-ng.conf:

    source s_tail { file("/var/log/apache/access.log" follow_freq(1) flags(no-parse)); };

I have the following error:

    # /usr/local/sbin/syslog-ng -d -v /etc/syslog-ng.conf
    syntax error at 10
    Parse error reading configuration file, exiting. (line 10)
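Added example (not part of the original thread): a small Python decoder for datagrams like the two captured above. It splits the PRI value into facility and severity and pulls out the source@host prefix, so a capture can be checked for lines from src_tail that are not syslog-ng's own internal() messages. The header bytes are those shown in the captures; the payload text, the function names and the "internal" heuristic are assumptions made for this illustration.

```python
import re

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock").split() + [f"local{i}" for i in range(8)]
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>Mmm dd hh:mm:ss [source@]host message  (layout seen in the captures above)
MSG_RE = re.compile(
    rb"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (?:([\w.-]+)@)?(\S+) (.*)", re.S)

def udp_payload(packet: bytes) -> bytes:
    """Return the UDP payload of a raw IPv4 packet (the bytes tcpdump -x prints)."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 8:
        raise ValueError("truncated or malformed IP header")
    return packet[ihl + 8:]                # skip IP header and 8-byte UDP header

def parse_syslog(payload: bytes) -> dict:
    """Decode one BSD-syslog datagram into facility, severity, source, host, message."""
    m = MSG_RE.fullmatch(payload)
    if not m or int(m.group(1)) > 191:     # PRI = facility*8 + severity, max 23*8+7
        raise ValueError("not a BSD syslog message")
    pri = int(m.group(1))
    msg = m.group(5).decode("ascii", "replace")
    return {
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "source": (m.group(3) or b"").decode(),
        "host": m.group(4).decode(),
        "internal": msg.startswith("syslog-ng["),  # heuristic (assumption): daemon's own messages
        "message": msg,
    }

def file_lines(packets, source):
    """Messages that arrived via `source` and were not generated by syslog-ng itself."""
    recs = [parse_syslog(udp_payload(p)) for p in packets]
    return [r["message"] for r in recs if r["source"] == source and not r["internal"]]

# Constructed samples: IP/UDP header bytes as printed in the two captures above,
# payload text constructed with the placeholder hostname "testhost".
HDR1 = bytes.fromhex("4500 0078 df47 4000 fd11 7ec5 0a0a 0124 0a0a 0a30 811f 0202 0064 9f5e")
HDR2 = bytes.fromhex("4500 006a 014e 4000 fd11 5ccd 0a0a 0124 0a0a 0a30 8226 0202 0056 852d")
PKT1 = HDR1 + b"<45>Oct  4 15:11:50 src_tail@testhost syslog-ng[19930]: STATS: dropped 0"
PKT2 = HDR2 + b"<158>Oct  4 15:22:58 s_local@testhost marcos: test1"

if __name__ == "__main__":
    for pkt in (PKT1, PKT2):
        print(parse_syslog(udp_payload(pkt)))
    print("lines read from the file source:", file_lines([PKT1, PKT2], "src_tail"))
```
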
On Mon, 2007-10-08 at 03:09 -0700, fabian marcos wrote:
> Hi everyone,
> I have a problem with a “source-file”. Syslog-ng can’t read my “source-file”. I don’t know why, please help me.
> This is my simple syslog-ng.conf file (Vers- 1.6.11) on my Solaris 8 (Sparc.117350-16);

You need at least syslog-ng 2.0.5 for source file to work correctly.

-- Bazsi
participants (2)
- Balazs Scheidler
- fabian marcos