On Mon, Mar 08, 2004 at 06:41:01PM -0500, Adam wrote:

There are a few NT servers that are supposed to log their backups to this server using the syslog-ng WinNT client. Logging to port 5140.

What? You sure it's syslog-ng? Also, log "backups using syslog-ng"? What exactly do you mean here?

They don't, however data sent via telnet to port 5140 both sent by itself and by one other machine is logged.

The other machine is also one that's trying to send via syslog-ng over TCP and failing? What do the logs on the remote host (client) say? On the remote host (syslog client) use IPs instead of names, and double check the IP, Make sure you're really using TCP, make sure syslog-ng is running, if not start it manually and see why not (it'll give an error when it exits). Since you verified TCP connectivity between the hosts using the port in question it's entirely an application problem, at least between *these two* hosts. Concentrate on your configuration.

Also, how is the priority passed to 3rd party programs. I get lines formatted as below, from which I can extract a time-stamp, hostname and message. But no priority. Is priority normally incorporated as a part of the message?

<13>Mar 5 13:00:44 localhost TEST

I have links to in the informational RFC at http://www.campin.net/syslog-ng/faq.html - which explains this. -- Nate "Fifty years of programming language research, and we end up with C++ ???" - Richard A. O'Keefe.