On 2007-05-22 17:43, Registration Account wrote:
> Darryl I tested yesterday with the space and there is no difference.
>
> I did however make some progress with the following
>
> source src { unix-stream("/var/log/skot"); internal(); udp(ip(0.0.0.0)
> port(514)); };
>
That is definitely not right. Your source is the udp port only, and the
file /var/log/skot is not a Unix stream.
You definitely do not want to include the UDP source in the one that
comes in the .conf file, because you wish to have separate output. Make
your own source, it is much easier (you don't have to create any filters
this way):
1. remove the udp stuff from "source src ....".
2. then add the following three into the .conf file:
source my_src { udp(ip(0.0.0.0) port 514); };
(Note here that you can bind this to a specific device, if that device
will have a fixed IP.)
destination my_dest { file("/var/log/skot" ); };
log { source(my_src); destination(my_dest); };
3. finally, as root "rcsyslog reload"
--
Moral indignation is jealousy with a halo. -- HG Wells
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
