<br><span style="font-family: courier new,monospace;">I can't get syslog-ng to listen on port 514 using the tcp or udp sources. First, I have defined entries in /etc/services as follows:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">syslog-ng-udp 514/udp syslog</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">syslog-ng-tcp 514/tcp syslog</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">I have of course disabled the default system-log service.</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">The following two I can't get to work/listen: (Verifying this with netstat -a)</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source s_udp { udp(port(514)); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">source s_tcp { tcp(port(514)); };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">I can get it to listen with the following:</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">source s_syslog { syslog( transport("udp") port(514) ); };<br>
OR<br></span></span><span style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">source
s_syslog { syslog( transport("tcp") port(514) ); };</span></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"></span><br>
# netstat -a<br>UDP: IPv4<br> Local Address Remote Address State<br>-------------------- -------------------- ----------<br> *.syslog-ng-udp Idle<br><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">However, syslog-ng doesn't seem to be doing anything with this. I can see the syslog message when snooping the interface on my syslog-ng server:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">root@log01:~# snoop -d nge0 udp port 514 </span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Using device nge0 (promiscuous mode)</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:22:08 </span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:11 </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:17 </span><br style="font-family: courier new,monospace;"><br>Here is the catch-all log statement I am using:<br>
destination r_messages { file ("/var/adm/messages_test"); };<br>log { source (s_syslog); destination (r_messages); };<br><br>Anyone have any ideas?<br><br>Thx,<br>CC<br></span><br><br>