i’m trying to integrate a SLES 10 server to a syslog server for centralized logging.
I followed the steps in this article: http://www.novell.com/coolsolutions/feature/18044.html
However it doesn’t work. If I “logger user.notice test” i can see the test message in /var/log/messages but no log was send to the loghost. And tcpdump captures no packets.
Then i noticed there are 3 files under /etc/syslog-ng:
-rw-r–r-- 1 root root 6794 Jun 27 2012 syslog-ng.conf
-rw-r–r-- 1 root root 5638 Jun 11 10:43 syslog-ng.conf.SuSEconfig
-rw-r–r-- 1 root root 5656 Jun 11 10:43 syslog-ng.conf.in
Everytime when i change syslog-ng.conf.in and run SuSEconfig, syslog-ng.conf.SuSEconfig is changed accordingly. The syslog-ng.conf doesn’t change at all. I tried to edit syslog-ng.conf directly (although not recommend, i know) and restart syslog-ng by /etc/init.d/syslog restart. Magic happened, it worked.
I feel uncomfortable about it because I made it work by a “forbidden” way. Could anyone explain why the recommended way not work? Any thing i did wrong?