Good Morning All: I have hit a bit of a problem with the set up of my Splunk system. I am trying to set it up for using a named pipe to get my data into splunk. I have the logging server receiving data and logging it to files with no problem, but, someplace, I have gotten the named pipe configuration messed up. Here is my syslog-ng.conf file # $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo, v 1.5 2005/05/12 05:46:10 mr_bones_ Exp $ # # Syslog-ng default configuration file for Gentoo Linux # contributed by Michael Sterrett options { chain_hostnames(off); sync(0); # The default action of syslog-ng 1.6.0 is to log a STATS line # to the file every 10 minutes. That's pretty ugly after a while. # Change it to every 12 hours so you get a nice daily update of # how many messages syslog-ng missed (0). stats(43200); }; source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); }; destination messages { file("/var/log/messages"); }; source remote { udp(); }; destination splunk { pipe("/var/syslog-ng/syslog_fifo"); }; log{ source(remote); destination(splunk); }; destination hosts { file("/var/log/hosts/$HOST/messages" owner(root) group(logs) perm(0640) dir_perm(0750) create_dirs(yes) ); }; log { source(remote); destination(hosts); }; # By default messages are logged to tty12... destination console_all { file("/dev/tty12"); }; # ...if you intend to use /dev/console for programs like xconsole # you can comment out the destination line above that references /dev/tty12 # and uncomment the line below. #destination console_all { file("/dev/console"); }; log { source(src); destination(messages); }; log { source(src); destination(console_all); }; srvnms-01 ~ # As the file is currently configured, syslog-ng starts with no problems and runs logging to the files as specified in the destination hosts directive. The data never appears in the named pipe. I did some investigation and asked a few questions on IRC, and someone told me that I needed to use the mkpipe command, however I have been unable to locate (using google) the proper syntax for the mkpipe command. Another person told me that once I got it set up, I would need to configure logrotate as well. Any and all pointers that you can provide would be most welcome. I have gone over the FAQ and also the users manual. As well as googling about for the proper answers. If you prefer to just point me to resources and let me figure it out myself, That is also quite cool, I like to learn. Thank you Timothy A. Holmes IT Manager / Network Admin / Web Master / Computer Teacher Medina Christian Academy A Higher Standard... Jeremiah 33:3 Jeremiah 29:11 Esther 4:14