[syslog-ng]Please help with logging remote machines

Daniel Flick syslog-ng@lists.balabit.hu
Mon, 17 Nov 2003 14:56:49 -0600


I have been beating my head against a wall getting this to work but no
joy.  Syslog-ng is running and logging on the local system but no remote
logs are being saved.  Devices in question are PIX firewalls and
NetCache proxies.  
Here is a netstat:
netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 cscnet08p:smtp          *:*                     LISTEN
udp        0      0 *:syslog                *:*
udp        0      0 *:sunrpc                *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     1512   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     93129  /dev/log

Here is my config:
# Global options; they apply to every source and destination defined below.
# NOTE(review): keep_hostname(on) together with use_dns(no) means the name
# used for $HOST is whatever the received message says it is. Over UDP that
# field is chosen by the sender, and destination rlog turns it into a
# directory name under /var/log.
options { sync (0);
          # seconds to wait before re-opening a connection that went away
          time_reopen (10);
          # number of messages the output queue may hold
          log_fifo_size (1000);
          # NOTE(review): long_hostnames may change how $HOST is rendered;
          # confirm the directory names it produces for relayed messages
          long_hostnames (on);
          # no DNS lookups for sender addresses, so logging does not depend
          # on (or trust) the resolver
          use_dns (no);
          use_fqdn (no);
          # create missing directories for file destinations
          create_dirs (yes);
          # trust the hostname carried inside each message
          keep_hostname (on);
        };

# s_udp: network listener for the remote devices. udp() is given no ip() or
# port(), and the netstat output above shows it bound to *:syslog, i.e. on
# every interface.
# NOTE(review): UDP syslog carries no sender authentication, so any host that
# can reach this port can submit messages; consider binding with ip() and/or
# limiting the port to the PIX and NetCache addresses with a host firewall.
source s_udp { udp(); };
# s_sys: local messages only, from the kernel pipe (prefixed "kernel: "),
# the /dev/log socket, and syslog-ng's own internal messages.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream
("/dev/log"); internal(); };

# rlog: one file per host per day, /var/log/<HOST>/<MONTH>.<DAY>.log, created
# with owner log:log and mode 0600; missing directories are created.
# NOTE(review): $HOST comes from network input (see keep_hostname in options),
# so a sender that varies its hostname can make this create an unbounded
# number of directories and files under /var/log. Confirm how this syslog-ng
# version treats unusual characters in $HOST before relying on the path.
# NOTE(review): assumes a "log" user and group exist on this machine, so
# verify. Ownership and mode of the created directories are not set here.
destination rlog { file("/var/log/$HOST/$MONTH.$DAY.log"
create_dirs(yes)      owner("log") group("log") perm(0600)); };
# Local destinations. No owner or perm is given, so the defaults apply.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
# d_mlal writes to the terminal of every logged-in user.
destination d_mlal { usertty("*"); };

# Filters select messages by syslog facility and/or level. Only f_filter2 and
# f_filter7 are referenced by the active log statements shown below.
filter f_filter1     { facility(kern); };
# info-level messages from every facility except mail, authpriv and cron.
# NOTE(review): level(info) names a single level, not "info and above". If
# the higher severities are wanted here, a level range is needed, so confirm
# the intent.
filter f_filter2     { level(info) and
                     not (facility(mail)
                        or facility(authpriv) or facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
# f_filter7 is the only filter applied to the UDP source: a remote message
# must arrive with facility local7 to be written by the rlog path.
# NOTE(review): check which facility the PIX and NetCache devices are
# configured to send with; anything other than local7 will not match.
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };

# Remote path: the only statement that reads s_udp. Messages received over
# UDP are written to the per-host rlog files only if they pass f_filter7
# (facility local7); other remote messages have no log path in this excerpt.
log { source(s_udp); filter(f_filter7); destination(rlog); };
# Disabled: kernel messages to the console.
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
# Local path: messages matching f_filter2 go to /var/log/messages.
# NOTE(review): no statement shown here routes authpriv to d_auth
# (/var/log/secure) or uses d_mail, d_cron, d_spol, d_boot or d_mlal. If the
# config ends here, local authentication messages are not being written
# anywhere, so confirm against the full file.
log { source(s_sys); filter(f_filter2); destination(d_mesg); };