[syslog-ng] Newbie Looking for Help

[Mark R. White]

Okay, I've got my syslog-ng semi-working.  Thanks to all of you for your 
help.  I have one more question, I'm logging using this:

destination hosts {
   file("/var/log/network/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
   owner(root) group(root) perm(0644) dir_perm(0744) create_dirs(yes));
};

log {
        source(s_all);
        destination(hosts);
};


It's logging all local activity the way it's suppose to be.  I have it  
setup to accept log messages from external sources:

source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the 
syslog()
        # function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" log_prefix("kernel: "));
        # use the following line if you want to receive remote UDP 
logging messages
        # (this is equivalent to the "-r" syslogd flag)
        udp();
};

My network engineer says he has our corporate pix box pointed to this 
server, yet I'm not getting any logs.  Do I need to specify the facility 
that it's logging to?  And if so, where do I specify that in this set 
up?  I assumed once I had it setup to log, and I was accepting external 
connections, it would log it into the file system as stated above and I 
wouldn't have to specify logging for each facility, local4 in this 
specific case.   Is it not correct to assume that since I have 
uncommented udp, all udp logging traffic would be defined by the s_all 
variable and forced to log the same as all other syslog data?   Thanks 
again for all of your help. 

Mark

"It's days like this I think I should give my job as a UNIX sytems admin 
and go work at Best Buy!"