Hi there --

I am testing LogAnalyzer 3.0, with several Linux servers configured to send their log files to the central server. All Linux servers use syslog as the daemon of choice.

While it does appear that LogAnalyzer to be working somewhat, I noticed that a particular log file present on all servers, secure, does not have any entries appearing at the central server. The configuration of the secure file, via the /etc/syslog.conf file, on all servers is shown below:

Do I need to make any additional modifications to the syslog.conf or any other file? Thanks.

Unless this line is preceded by one sending this specific facility / priority pair (or everything) to your remote server it's only sending them to a file?

Hi there --

Thanks for your reply. If I understand you correctly, should the syntax be as follows:

I do have the line:

already at the beginning of the file so shouldn't that be enough?

Yes it should. Can you confirm that if you use Mike Hammers famous 'logger -p authpriv.emerg -t test "Trust me, I know what I'm doing."' quote on one of the clients this message at least gets sent and received using tcpdump to capture packets on both client and server?

Hi there --

I ran the logger command with the 'recommended' syntax, and while the message did appear on-screen, there was no reference to in any log file on the client, nor did it appear on the central log server.

The entries from the /var/log/messages file do make it to the central server, but so far those are the only ones that do make it.