On the sda filter, I'm guessing you have another file that also defines a kernel filter. Syslog-ng won't start if a definition occurs twice, unless you specifically allow duplicates. So it wasn't scribe or uiScribe that was choking on the sda file, it was syslog-ng itself. But that is why your logs weren't updating; syslog-ng didn't start. I don't think you need that filter in your sda file in the first place, since the messages seem so specific. So try it with just the message filter. If you need it, delete it from all of your log files and put it in its own file once. Don't put it in syslog-ng.conf, cuz that will get overwritten.
A general debugging tool is to run "syslog-ng -Fevd" from a terminal prompt. If syslog-ng isn't starting, it will show you exactly why.
A couple of minor things. You don't need to create the log files themselves; syslog-ng will create them if they don't exist. You don't need to reboot to start syslog-ng--you can do it directly from scribe or a command line (but scribe is much easier).
The five hour thing looks like a time zone thing. Not ringing a bell immediately.
For a log to be listed in uiScribe, you have to run uiScribe again to reset the logs.
Last, if you just want to delete a log message, you don't need to send it to its own file. Just leave out the destination specification. If no destination is specified, syslog-ng deletes it.
A general debugging tool is to run "syslog-ng -Fevd" from a terminal prompt. If syslog-ng isn't starting, it will show you exactly why.
A couple of minor things. You don't need to create the log files themselves; syslog-ng will create them if they don't exist. You don't need to reboot to start syslog-ng--you can do it directly from scribe or a command line (but scribe is much easier).
The five hour thing looks like a time zone thing. Not ringing a bell immediately.
For a log to be listed in uiScribe, you have to run uiScribe again to reset the logs.
Last, if you just want to delete a log message, you don't need to send it to its own file. Just leave out the destination specification. If no destination is specified, syslog-ng deletes it.
Last edited: