[syslog-ng]Difficulty with source(net) on Solaris 8 [syslog-ng-1.4.9a]
Ken Paris
kparis@netstars.org
Fri, 14 Sep 2001 13:50:29 -0700 (MST)
Greetings,
I did as you suggested and I do see the recvfrom() when a message arrives.
Never used truss before. Interesting, but nothing into the log file.
kparis@netlog$ ps -aef | grep sysl
kparis 25013 24857 0 13:38:59 pts/1 0:00 grep sysl
root 23643 1 0 Sep 12 ? 0:00 /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -p /var/run/syslog-n
truss -p 23643
poll(0xFFBEF658, 3, 60000) = 1
recvfrom(3, " < 5 > 6 7 5 : S e p ".., 519, 0, 0xFFBEF448, 0xFFBEF444) = 99
time() = 1000499766
poll(0xFFBEF658, 3, 100) = 0
poll(0xFFBEF658, 3, 60000) (sleeping...)
signotifywait() (sleeping...)
lwp_cond_wait(0xFF0F55C8, 0xFF0F55D8, 0xFF1D5C48) (sleeping...)
door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
This repeats anytime I change the config on the Cisco device
(which immediately sends a message to loghost).
My current config is:
kparis@netlog$ cat syslog-ng.conf
options { sync(0); keep_hostname(yes); chain_hostnames(no); log_fifo_size(30000); };
source s_local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };
source s_net_udp { udp(); };
destination d_local { file("/var/log/default"); };
log { source(s_local); source(s_net_udp); destination(d_local); };
kparis@netlog$ ls -l /var/log
total 34
-rw------- 1 root sys 0 Aug 17 14:41 authlog
-rw------- 1 root root 9057 Sep 14 13:29 default
....
I can see this indicates the message is arriving to syslog-ng.
Am I close?
I am not sure how to proceed from this point.
Thanks for your suggestions and support.
Best regards,
Ken Paris
>try truss-ing syslog-ng whether it receives packets. you should see
>recvfrom() calls when a message arrives.
>
>--
>Bazsi