Good day everyone,
I have a setup of syslog-ng here that captures the logs of all my machines (~3900) and for every host, it creates a folder with the hostname (or the IP, if the hostname cannot be determined) and then stores the logs. This part works fine.
Now I have 5 switches that also report logs using standard syslog (udp on pot 514). I have the udp(); keywork in my source config. I checked with tcpdump that the packets were corretly sent, but is there a way for me to make sure syslog receives the data? I have to found why syslog-ng doesn't create a folder for these switches.
Thanks a lot for your help.