
I am trying to set up a syslog-ng server where I could collect all the logs. Now I've managed to create the settings where the server will collect all the logs from all the servers and write them to a single file, but I was wondering if it's possible to create a separate log file for each IP address. My config file is as below, and every time I mention network it fails to start. Can you please let me know where I'm going wrong?

log { source(s_src); filter(f_console); destination(d_console_all);
                                    destination(d_xconsole); };
log { source(s_src); filter(f_crit); destination(d_console); };
log {
  source(s_src);
  };
destination Windest {
  file("/var/log/test");
  };
source forwarder {
  network( ip(192.168.1.140));
  };
destination forwarderonedest {
  file("/var/log/forwarder1");
  };
log {
  source(forwarder);
  destination(forwarderonedest);
  };

The error I get when I try to restart is:

/etc/init.d/syslog-ng restart [....] Restarting syslog-ng (via systemctl): syslog-ng.serviceJob for syslog-ng.service failed because the control process exited with error code. See "systemctl status syslog-ng.service" and "journalctl -xe" for details. failed!

What works for me is:

destination Windest {
  file("/var/log/test");
  };
source forwarder {
  tcp();
  udp();
  };
destination forwarderonedest {
  file("/var/log/forwarder1");
  };
log {
  source(forwarder);
  destination(forwarderonedest);
  };

It works, but all the logs from all the machines get written to a single file.


You can try the configuration below in order to split logs into two or more files. As per the config below, the syslog-ng server will be running on 2 different ports (your choice), i.e., 514 and 515. So, on the client you can configure application logs to be forwarded to port 514 and system logs to port number 515. The syslog-ng server will handle the logs in two different files.

#### Local Logs ####
source s_local { system(); internal(); };
#### Source : Application Logs ####
source s_xyz_network {
    network(transport(tcp) ip(192.168.1.140)  port (514) flags(syslog-protocol));
    };
#### Source: System Logs #####
source s_sys_network {
    network(transport(tcp) ip(192.168.1.140)  port (515) flags(syslog-protocol));
    };
destination d_local {
file("/var/log/syslog-ng/local_sys_logs.log"); };
destination d_xyz_logs {
    file(
        "/var/log/syslog-ng/centralized_logs_xyz.log"
        owner("root")
        group("root")
        perm(0777)
        ); };
destination d_sys_logs {
    file(
        "/var/log/syslog-ng/centralized_sys_logs.log"
        owner("root")
        group("root")
        perm(0777)
        ); };
log {  source(s_xyz_network); destination(d_xyz_logs);};
log { source(s_local); destination(d_local);};
log { source (s_sys_network);destination(d_sys_logs);};

##### Config Ends ########

Hope this will help you :)

Subi
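As an added example, not part of the question's config or of Subi's answer, here is a syslog-ng configuration that does what the question actually asks for: one log file per sending IP address, without needing a separate port per log type. It relies on the `${SOURCEIP}` macro, which syslog-ng fills from the UDP datagram or TCP connection peer address rather than from the HOST field inside the message, so a sender cannot steer its lines into another host's file by putting a different hostname in the message text. It also keeps the files readable only by root and the adm group instead of world-writable. The listener address (reused from the question), the `/var/log/remote` path, the `@version` line and the legacy BSD framing are assumptions; adjust them to your install.

```conf
@version: 3.5
# Assumed version line: set this to the syslog-ng release actually installed.

# Listen on the server's own address (assumed, as in the question) on 514 for
# both UDP and TCP. Legacy BSD syslog framing is assumed; clients that send
# RFC 5424 need flags(syslog-protocol) on the matching network() entry.
source s_remote {
    network(ip("192.168.1.140") port(514) transport("udp"));
    network(ip("192.168.1.140") port(514) transport("tcp"));
};

# One file per sender. ${SOURCEIP} is taken from the connection, not from the
# message, so the file a line lands in is not under the sender's control the
# way ${HOST} (parsed out of the message text) would be. create-dirs(yes)
# creates the per-IP directory on first use; perm/dir-perm stay restrictive.
destination d_per_ip {
    file("/var/log/remote/${SOURCEIP}/messages"
         create-dirs(yes)
         owner("root") group("adm")
         perm(0640) dir-perm(0750));
};

log { source(s_remote); destination(d_per_ip); };
```

Before restarting the service, run `syslog-ng --syntax-only` (short form `syslog-ng -s`) against the file: a parse error is reported with its line number, which is the detail the "control process exited with error code" message in the question hides behind `systemctl status` and `journalctl -xe`. A client whose lines end up under an unexpected directory is a quick sign that it is reaching the server through a NAT or relay, since `${SOURCEIP}` records the last hop, not the original host.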