Hi all, Well, finally have this going and not crashing! Last night's 1.70 and the corresponding libol. Yay! However, I'm not grokking Darwin compared to Solaris/Linux and syslog-ng configs compared to vanilla syslog. I'm not finding much on searches that helps. The man pages for the O/S seem like they come from BSD but don't apply (see log sockets which don't exist ). I'm not a C programmer and am a bit lost trying to go to syslog.h . Little help here? IT RUNS 4.3 Berkeley Distribution June 6, 1993 4.3 Berkeley Distribution [mal-centurion:local/etc/syslog-ng] admin% sudo lsof | grep syslog tcsh 9840 admin cwd VDIR 14,21 512 200229 /usr/local/etc/syslog-ng syslog-ng 16625 root cwd VDIR 14,21 512 200229 /usr/local/etc/syslog-ng syslog-ng 16625 root 0u VCHR 3,2 0t0 20520196 /dev/null syslog-ng 16625 root 1u VCHR 3,2 0t0 20520196 /dev/null syslog-ng 16625 root 2u VCHR 3,2 0t0 20520196 /dev/null syslog-ng 16625 root 3r 0x013d5958 file struct, ty=0x3, op=0x30f300 syslog-ng 16625 root 4u IPv4 0x0142ef20 0t0 UDP *:syslog syslog-ng 16625 root 5r 0x013d3924 file struct, ty=0x3, op=0x30f300 syslog-ng 16625 root 6u IPv4 0x024554c8 0t0 TCP *:5140 (LISTEN) lsof 16894 root cwd VDIR 14,21 512 200229 /usr/local/etc/syslog-ng grep 16895 admin cwd VDIR 14,21 512 200229 /usr/local/etc/syslog-ng WHAT RUNS? I DONT KNOW THE RIGHT SOCKET/DEVICE OR PROTOCOL There is no /var/run/log or /dev/log. There is a /dev/klog but I get io.c: bind_unix_socket(): /dev/klog not a socket MY CONFIG IS FUBARED Below I place my regular config, then the syslog-ng config. VANILLA [mal-centurion:local/etc/syslog-ng] admin% more /etc/syslog.conf *.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit /dev/console *.notice;local4,authpriv,remoteauth,ftp,install.none;kern.debug; mail.crit;mark.* /var/log/system.log # Send messages normally sent to the console also to the serial port. # To stop messages from being sent out the serial port, comment out this line. #*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial # The authpriv log file should be restricted access; these # messages shouldn't go to terminals or publically-readable # files. authpriv.*;remoteauth.crit /var/log/secure.log lpr.info /var/log/lpr.log mail.* /var/log/mail.log ftp.* /var/log/ftp.log netinfo.err /var/log/netinfo.log install.* /var/log/install.log install.* @127.0.0.1:32376 *.emerg * local6.notice /private/var/log/mailaccess.log NEXT GENERATION ############################################################### # First, set some global options. options { # use_fqdn(yes); # use_dns(yes); # dns_cache(yes); keep_hostname(yes); long_hostnames(off); sync(1); log_fifo_size(1024); }; ############################################################### # # This is the default behavior of sysklogd package # Logs may come from unix stream, but not from another machine. # #source src { unix-stream("/dev/log"); internal(); }; source src { # don't read from /proc/kmsg and run klogd also (Linux) # pipe("/proc/kmsg"); # file("/proc/kmsg") log_prefix("kernel: "); # unix-stream("/dev/log"); # unix-stream("/chroot/named/dev/log"); internal(); udp(); # udp(ip("10.0.5.8") port(514)); tcp(port(5140) keep-alive(yes)); # tcp(ip("10.9.9.3") port(5140) keep-alive(yes)); }; ############################################################### # After that set destinations. # First some standard logfile # destination authlog { file("/var/ng-syslog/auth.log"); }; destination syslog { file("/var/ng-syslog/syslog"); }; destination cron { file("/var/log/cron.log"); }; destination daemon { file("/var/ng-syslog/daemon.log"); }; destination kern { file("/var/ng-syslog/kern.log"); }; destination lpr { file("/var/ng-syslog/lpr.log"); }; destination user { file("/var/ng-syslog/user.log"); }; destination uucp { file("/var/ng-syslog/uucp.log"); }; # This files are the log come from the mail subsystem. # #destination mail { file("/var/log/mail.log"); }; #destination maillog { file("/var/log/maillog"); }; #destination mailinfo { file("/var/log/mail.info"); }; #destination mailwarn { file("/var/log/mail.warn"); }; #destination mailerr { file("/var/log/mail.err"); }; # # Logging for INN news system # #destination newscrit { file("/var/log/news/news.crit"); }; #destination newserr { file("/var/log/news/news.err"); }; #destination newsnotice { file("/var/log/news/news.notice"); }; # Some `catch-all' logfiles. # destination debug { file("/var/ng-syslog/debug"); }; destination messages { file("/var/ng-syslog/messages"); }; # The root's console. # destination console { usertty("root"); }; The balance of that sample file is commented. The directory /var/ng-syslog exists, but none of the files. Do I have to touch those to get them going?