<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">This is the client side that I'm having issues with, not the syslog server, or loghost, side. Does it really need network configuration information in the source statement? I thought that was on the server side to show it which interface/port to listen on for clients.<br>
<br><div><div>On Dec 21, 2010, at 16:59, Clayton Dukes wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Looks like you need to define UDP or TCP (or both) in your src statement.<div><br></div><div>Here's a short (hopefully helpful) link to a video for syslog-ng configuration:</div><div><a href="http://www.logzilla.info/SearchResults.asp?Cat=49">http://www.logzilla.info/SearchResults.asp?Cat=49</a></div>
<div><br></div><div>Full disclosure, LogZilla is my log analysis software, but hopefully the video helps.</div><div><br></div><div><br clear="all">______________________________________________________________ <br>
<br>Clayton Dukes<br>______________________________________________________________<br>
<br><br><div class="gmail_quote">On Tue, Dec 21, 2010 at 4:43 PM, Jarrett Lee <span dir="ltr">&lt;<a href="mailto:jarrett.lee@oversightsystems.com">jarrett.lee@oversightsystems.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I have syslog-ng 3.0.9 (also tried 3.0.8) on a CentOS 5.5 system, firewall (iptables) turned off, and SELinux disabled. For some reason it refuses to send logs to my log host, though it will put them in my messages file. I've even broken out tcpdump to monitor the port while generating logs to see if I can see any network traffic generated, but it's crickets on the wire.<br>
<br>
Anybody have this problem? Is there something I'm missing, perhaps I've been looking at it for too long and need fresh eyes? I've had this working before on other platforms, Solaris and other distros of Linux, but this time it's kicking my butt...<br>
<br>
Here's my syslog-ng.conf (with IP and port redacted):<br>
#### BEGIN syslog-ng.conf ####<br>
@version: 3.0<br>
<br>
options {<br>
};<br>
<br>
source src {<br>
internal();<br>
unix-stream("/dev/log");<br>
file("/proc/kmsg" program_override("kernel: "));<br>
};<br>
<br>
destination local {<br>
file("/var/log/messages");<br>
};<br>
destination loghost {<br>
tcp("IPADDR" port(PORT));<br>
};<br>
<br>
log {<br>
source(src);<br>
destination(local);<br>
};<br>
log {<br>
source(src);<br>
destination(loghost);<br>
};<br>
#### END syslog-ng.conf ####<br>
<br>
<br>
Thanks,<br>
Jarrett<br>
<font color="#888888"><br>
Jarrett Lee, UNIX Administrator<br>
OVERSIGHT SYSTEMS | <a href="http://www.oversightsystems.com/" target="_blank">www.oversightsystems.com</a><br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</font></blockquote></div><br></div>
</blockquote></div><br></body></html>