lsof output ... (currently configured for TCP 514)<div><br></div><div><span style>syslog-ng 26027 root 3u IPv4 88122 TCP *:shell (LISTEN)</span> </div><div><br></div><div>And I have IPTables configured to allow it ... but just to make sure I stopped the service and still the same thing. I tried this on a newer version of syslog-ng and it seems to work just fine (v3.2.5). I'll see if I can compile and do an rpmbuild on a newer version and see if that fixes it. If it doesn't, there must be somethign going on with the LVS setup .. however other services are working fine on that IP ... SSH, NTP.</div>
<div><br></div><div>Thanks
<span style>Gergely</span> <br><br><div class="gmail_quote">On Mon, Jun 4, 2012 at 8:48 AM, Gergely Nagy <span dir="ltr"><<a href="mailto:algernon@balabit.hu" target="_blank">algernon@balabit.hu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>"N. Max Pierson" <<a href="mailto:nmaxpierson@gmail.com" target="_blank">nmaxpierson@gmail.com</a>> writes:<br>
<br>
> I've setup a LVS cluster which is working perfectly. The problem I am<br>
> having is when I have a logical interface ip (or no ip at all, interface is<br>
> eth0:1) when using the tcp/udp driver, it does not seem to bind correctly<br>
> and accept messages on the port specified. When using udp, I try a port<br>
> scan with nmap and it shows the port on the logical interface a "closed".<br>
> When I try tcp, it shows "filtered". The primary ip on interface eth0<br>
> accepts logs with no issues. Can syslog-ng bind to logical interfaces as<br>
> described above and receive logs on multiple addresses??<br>
<br>
</div>While I haven't seen 2.1.x in ages, I believe it should be able to do<br>
that, indeed.<br>
<br>
You can check which addresses it listens on by running lsof -p $PID<br>
(replace $PID with the actual pid of the syslog-ng process).<br>
<div><br>
> A netstat -a shows *:syslog or when I outright specify the logical ip,<br>
> it shows the logical ip, but as stated above ... it's either closed or<br>
> filtered. I've searched all over, but it seems my google foo is not<br>
> matching anything.<br>
<br>
</div>Might it not be a firewall in front of your system, somewhere? If lsof,<br>
or netstat shows syslog-ng is bound to the right IP and port, then all<br>
should be well.<br>
<span><font color="#888888"><br>
--<br>
|8]<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</font></span></blockquote></div><br></div>