[syslog-ng] Still not working at the most basic level

lance raymond lance.raymond at gmail.com
Mon Feb 9 17:33:47 CET 2009


ok, so can anyone say how to troubleshoot the most basic scenario to start.
1 server, 1 client, have client write logs to server?  I will show both
config files, please note I have tried both UDP and TCP and neither works.
I did notice doing an lsof |grep syslog that the port does change from udp
to tcp so I know it's reading the config file, I just don't know how to turn
on some debugging or another way to trace the log as it's still being
written to the client.

ok, so *server config is;*
#source s_remote  { udp(); };
source s_remote  { tcp(); };
## This will create separate file for each client on central log server and log http messages
destination d_clients { file("/var/log/web.$HOST.log"); };
log { source(s_remote); destination(d_clients); };
#################################################################

options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};

source s_sys {
file ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
internal();
#udp(ip(0.0.0.0) port(514));
};

## This will log local http messages to defined file

destination send_http_logs { file("/var/log/web.log"); };

filter send_http_logs {
program("httpd.*");
};

log {
source(s_sys);
filter(send_http_logs);
destination(send_http_logs);
};

and the server shows the following running process;
root     30945  0.0  0.0   7240   636 ?        Ss   11:24   0:00 /sbin/syslog-ng -p /var/run/syslogd.pid

*Client side:*

options {
   sync (0);
   time_reopen (10);
   log_fifo_size (1000);
   long_hostnames(on);
   use_dns(yes);
   dns_cache(yes);
   use_fqdn(no);
   create_dirs (yes);
   keep_hostname (yes);
   perm(0640);
   dir_perm(0750);
};

source s_sys {
   file ("/proc/kmsg" log_prefix("kernel: "));
   unix-stream ("/dev/log");
   internal();
};
#destination send_http_logs { udp("192.168.2.54" port(514)); };
destination send_http_logs { tcp("192.168.2.54" port(514)); };


filter send_http_logs {
program("httpd.*");
};

log {
source(s_sys);
filter(send_http_logs);
destination(send_http_logs);
};

and the running processes are;
root      1607  0.0  0.0   6216   904 ?        Ss    2008   0:48 syslogd -m 0
root     28374  0.0  0.0   7368   564 ?        Ss   11:24   0:00 /sbin/syslog-ng -p /var/run/syslogd.pid

Not sure if the client is supposed to have 2 processes or not, but any help
is really appreciated.