engineyard/ey-cloud-recipesのpapertrailが3.3.5を指定しているのを3.2.5で動作させる様に修正した際のdiff結果です。

ey-cloud-recipes_papertrail_syslog-ng-3.2.5_diff

diff --git a/cookbooks/papertrail/recipes/default.rb b/cookbooks/papertrail/recipes/default.rb
index f1ef49c..27ca836 100644
--- a/cookbooks/papertrail/recipes/default.rb
+++ b/cookbooks/papertrail/recipes/default.rb
@@ -13,9 +13,9 @@
 app_name = node[:applications].keys.first
 env = node[:environment][:framework_env]
 PAPERTRAIL_CONFIG = {
-  :syslog_ng_version         => '3.3.5',
+  :syslog_ng_version         => '3.2.5',
   :remote_syslog_gem_version => '~>1.6',
   :port                      => 11111111111111, # YOUR PORT HERE
   :hostname                  => [app_name, node[:instance_role], `hostname`.chomp].join('_'),
   :other_logs => [
     '/var/log/engineyard/nginx/*log',
diff --git a/cookbooks/papertrail/templates/default/remote_syslog.initd.erb b/cookbooks/papertrail/templates/default/remote_syslog.initd.erb
index 715ecda..c60852a 100644
--- a/cookbooks/papertrail/templates/default/remote_syslog.initd.erb
+++ b/cookbooks/papertrail/templates/default/remote_syslog.initd.erb
@@ -9,7 +9,7 @@ start() {
     ebegin "Starting ${NAME}"

     start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
-        --exec /usr/bin/remote_syslog -- $DAEMON_ARGS
+        --exec /usr/local/bin/remote_syslog -- $DAEMON_ARGS

     eend $?
 }
@@ -18,7 +18,7 @@ stop() {
     ebegin "Stopping ${NAME}"

     start-stop-daemon --stop --pidfile $PIDFILE --name $NAME \
-        --exec /usr/bin/remote_syslog
+        --exec /usr/local/bin/remote_syslog

     eend $?
 }
diff --git a/cookbooks/papertrail/templates/default/syslog-ng.conf.erb b/cookbooks/papertrail/templates/default/syslog-ng.conf.erb
index bc3ff4c..ce20d58 100644
--- a/cookbooks/papertrail/templates/default/syslog-ng.conf.erb
+++ b/cookbooks/papertrail/templates/default/syslog-ng.conf.erb
@@ -1,50 +1,124 @@
-@version: 3.3
-# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.3,v 1.2 2011/10/04 23:15:44 mr_bones_ Exp $
+@version: 3.2
+# Copyright 2005-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $
+
+#
+# Syslog-ng configuration file, compatible with default hardened installations.
 #
-# Syslog-ng default configuration file for Gentoo Linux
-
-options {
-       threaded(yes);
-       chain_hostnames(no);
-
-       # The default action of syslog-ng is to log a STATS line
-       # to the file every 10 minutes.  That's pretty ugly after a while.
-       # Change it to every 12 hours so you get a nice daily update of
-       # how many messages syslog-ng missed (0).
-       stats_freq(43200);
-       # The default action of syslog-ng is to log a MARK line
-       # to the file every 20 minutes.  That's seems high for most
-       # people so turn it down to once an hour.  Set it to zero
-       # if you don't want the functionality at all.
-       mark_freq(3600);
+
+options {
+        chain_hostnames(no);
+        stats_freq(43200);
+        mark_freq(3600);
 };

 source src {
-    unix-stream("/dev/log" max-connections(256));
+    unix-stream("/dev/log");
     internal();
+};
+source kernsrc {
     file("/proc/kmsg");
 };

-destination messages { file("/var/log/messages"); };
+#source net { udp(); };
+#log { source(net); destination(net_logs); };
+#destination net_logs { file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); };
+
+destination authlog { file("/var/log/auth.log"); };
+destination _syslog { file("/var/log/syslog"); };
+destination cron { file("/var/log/cron.log"); };
+destination daemon { file("/var/log/daemon.log"); };
+destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };
+destination lpr { file("/var/log/lpr.log"); };
+destination user { file("/var/log/user.log"); };
+destination uucp { file("/var/log/uucp.log"); };
+#destination ppp { file("/var/log/ppp.log"); };
+destination mail { file("/var/log/mail.log"); };
+
+destination avc { file("/var/log/avc.log"); };
+destination audit { file("/var/log/audit.log"); };
+destination pax { file("/var/log/pax.log"); };
+destination grsec { file("/var/log/grsec.log"); };
+
+destination mailinfo { file("/var/log/mail.info"); };
+destination mailwarn { file("/var/log/mail.warn"); };
+destination mailerr { file("/var/log/mail.err"); };
+
+destination newscrit { file("/var/log/news/news.crit"); };
+destination newserr { file("/var/log/news/news.err"); };
+destination newsnotice { file("/var/log/news/news.notice"); };

-# By default messages are logged to tty12...
+destination debug { file("/var/log/debug"); };
+destination messages { file("/var/log/messages"); };
+destination console { usertty("root"); };
 destination console_all { file("/dev/tty12"); };
-# ...if you intend to use /dev/console for programs like xconsole
-# you can comment out the destination line above that references /dev/tty12
-# and uncomment the line below.
-#destination console_all { file("/dev/console"); };
+#destination loghost { udp("loghost" port(999)); };
+
+destination xconsole { pipe("/dev/xconsole"); };
+
+filter f_auth { facility(auth); };
+filter f_authpriv { facility(auth, authpriv); };
+filter f_syslog { not facility(authpriv, mail); };
+filter f_cron { facility(cron); };
+filter f_daemon { facility(daemon); };
+filter f_kern { facility(kern); };
+filter f_lpr { facility(lpr); };
+filter f_mail { facility(mail); };
+filter f_user { facility(user); };
+filter f_uucp { facility(uucp); };
+#filter f_ppp { facility(ppp); };
+filter f_news { facility(news); };
+filter f_debug { not facility(auth, authpriv, news, mail); };
+filter f_messages { level(info..warn)
+        and not facility(auth, authpriv, mail, news); };
+filter f_emergency { level(emerg); };
+
+filter f_info { level(info); };

-log { source(src); destination(messages); };
+filter f_notice { level(notice); };
+filter f_warn { level(warn); };
+filter f_crit { level(crit); };
+filter f_err { level(err); };
+
+filter f_avc { message(".*avc: .*"); };
+filter f_audit { message("^(\[.*\..*\] |)audit.*") and not message(".*avc: .*"); };
+filter f_pax { message("^(\[.*\..*\] |)PAX:.*"); };
+filter f_grsec { message("^(\[.*\..*\] |)grsec:.*"); };
+
+log { source(src); filter(f_authpriv); destination(authlog); };
+log { source(src); filter(f_syslog); destination(_syslog); };
+log { source(src); filter(f_cron); destination(cron); };
+log { source(src); filter(f_daemon); destination(daemon); };
+log { source(kernsrc); filter(f_kern); destination(kern); };
+log { source(src); filter(f_lpr); destination(lpr); };
+log { source(src); filter(f_mail); destination(mail); };
+log { source(src); filter(f_user); destination(user); };
+log { source(src); filter(f_uucp); destination(uucp); };
+log { source(kernsrc); filter(f_pax); destination(pax); };
+log { source(kernsrc); filter(f_grsec); destination(grsec); };
+log { source(kernsrc); filter(f_audit); destination(audit); };
+log { source(kernsrc); filter(f_avc); destination(avc); };
+log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
+log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
+log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
+log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
+log { source(src); filter(f_news); filter(f_err); destination(newserr); };
+log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
+log { source(src); filter(f_debug); destination(debug); };
+log { source(src); filter(f_messages); destination(messages); };
+log { source(src); filter(f_emergency); destination(console); };
+#log { source(src); filter(f_ppp); destination(ppp); };
 log { source(src); destination(console_all); };

-# everything above this line copied verbatim from syslog-ng 3.3.5 default install on 7/20/12 by @seamusabshere
-# everything below this line added by cookbooks/papertrail/recipes/default.rb
 destination d_papertrail {
   # UDP (insecure)
   # udp("logs.papertrailapp.com" port(<%= @port %>));
   # TLS
   tcp("logs.papertrailapp.com" port(<%= @port %>) tls(ca_dir("/etc/syslog-ng/cert.d")) );
 };
+
 log {
   source(src); destination(d_papertrail);
 };