RE: [syslog-ng]UDP syslog not being logged by syslog-ng
Did you check the log file for the log server host? You have keep_hostname(no) so I think that the machine will log as from the local log server. Check to see if they are in the local host log file.

Regards,
Drew

-----Original Message-----
From: Moxey, Joel, CND Tech Dev, VF UK [mailto:Joel.Moxey@gb.vodafone.co.uk]
Sent: Wednesday, January 29, 2003 9:08 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]UDP syslog not being logged by syslog-ng

Hi!

I'm having some problems getting remote hosts to log as desired to a log server. I'm using version 1.4.17 on Red Hat with the following config:

#Start
options {
    sync(0);
    log_fifo_size(1000);
    use_dns(no);
    use_fqdn(no);
    create_dirs(no);
    keep_hostname(no);
};

source s_all {
    pipe("/proc/kmsg");
    unix-stream("/dev/log");
    udp(localip(A.B.C.D) localport(514));
    internal();
};

destination d_notauth { file("/systems/$HOST/messages" perm(0644)); };
destination d_auth { file("/systems/$HOST/authmsg"); };

filter f_notauth { not facility(auth, authprov); };
filter f_auth { facility(auth, authprov); };

log { source(s_all); filter(f_notauth); destination(d_notauth) };
log { source(s_all); filter(f_auth); destination(d_auth) };
#End

I have created appropriate directories for each remote host, and each host has an entry in the /etc/hosts file.

Using logger, I have confirmed the config works as desired for the log server. However, using logger on remote hosts (I've tried Solaris and Red Hat), I cannot seem to get the message written to file. I have confirmed using tcpdump that the messages reach the log server, and can see by netstat that the UDP socket is open.

I thought it might be because of the $HOST part, but also tried using destinations without this to no success.

Any suggestions to what my problem might be?

Thanks for any help,
Joel

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (1)
-
Hamilton, Andrew