penlog and penlogd

I am having trouble getting pen, penlog and penlogd to generate combined access
logs. Right now the access_log file is 0 bytes and does not appear to be
updated by penlogd. I have two servers, one runs pen, penlog, penlogd and httpd
(206.123.111.26 and 206.123.111.27). The other runs penlog and httpd only
(10.1.1.12).

If I run penlogd with the -df option, I get the following messages:

2005-04-18 17:23:30: Logging to /var/log/pen/access_log
2005-04-18 17:23:30: Writing pid 19563 to /var/run/penlogd.pid
2005-04-18 17:23:30: Enter main loop
2005-04-18 17:23:32: bogus web line common
2005-04-18 17:23:34: bogus web line common
2005-04-18 17:24:08: bogus web line common

I'm assuming this has to do with: "The optional third argument is used if
the server has several addresses. Penlogd uses the source address to
identify the server, and it must be identical to the address configured in the
command line to Pen."

However, in each of the web servers, I have:
CustomLog "|/usr/local/bin/penlog 206.123.111.27 10000 206.123.111.26" common
CustomLog "|/usr/local/bin/penlog 206.123.111.27 10000 10.1.1.12" common

My command to run pen is:
pen -p /var/run/pen2.pid -w /pen_stats2.html -b 120 -T 3600 -n -x 507 -c 4096 -l
206.123.111.27:10000 206.123.111.27:80 206.123.111.26:80 10.1.1.12:80

Can you point me in the right direction to troubleshoot this? I was sure to open
a hole in iptables from 10.1.1.12, udp port 10000 but since it's udp and not
tcp, I'm not sure how to test this (can't use telnet.) It seems that penlogd is
ignoring the log lines being sent from penlog however, I am passing penlog the
correct server IP according to penlog(1).
Received on Tue Apr 19 2005 - 00:28:53 CEST