I have LMS 2.5. I have been trying to get the syslog portion set up. I get an error in the syslogcollector log that says unable to add monitor. I know next to nothing about syslog. I have tried to find info on the web, and it always talks about a Remote Syslog Collector. Can the syslog collector and the syslog analyzer be the same box? Because that is all I have, one box.
This is exactly what I thought. You have bad filter settings. When you disable or delete all of your filters, but keep the mode set to DROP, all messages will be dropped (hence the Forwaded count of 0). If you just want to verify syslog is working, disable all your filters, and set the mode to KEEP. Send some test messages, and the Forwarded count should start increasing. Once that happens, syslog messages should be written to the database.