[syslog-ng]logging T3 messages to central loghost?

[KONSTANTIN GINZBURG]

Does anybody have experience with logging T3 array messages to a central
loghost?  I'm running syslog-ng on the central loghost.  I have my loglevel set
to '3' on the T3 and the following line in /etc/syslog.conf on the T3 (I also
have corresponding line in /etc/hosts):

*.notice        central_loghost

In syslog-ng.conf on 'central_loghost' I have:

source external { tcp(port(1999) max-connections(50)); };

source external_udp { udp(port(514)); };

filter f_udp { host("some_name") or host("T3_array_name"); };

destination hosts {
file("/var/log/$HOST/$FACILITY/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
owner(root) create_dirs(yes)); };

log { source(external); destination(hosts); };

log { source(external_udp); destination(hosts); };

In other words I'm listening on TCP port 1999 for all hosts except for special
cases like T3 (because I don't know any way to make it send its logs via tcp).
However, I don't get anything from the T3 array on the central log host even
though local 'syslog' on the T3 gets a lot of messages.  Am I missing something?
 I would appreciate any ideas or suggestions.  Thanks in advance.


Konstantin Ginzburg
UNIX Engineering
Eagan COSC
(651) 406-2614