<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
OK - The best advice I can give is to try and narrow down what the
difference is between the system whose logs you are seeing and the
one you are not.<br>
<br>
One point from your note - your server is not "polling" logs (that
is - it is not sending packets to the firewalls to retrieve the
data). A syslog process is *sending* logs to your server, so before
you do anything else:<br>
<br>
First - make certain the logs are actually leaving the server that
you don't see.<br>
<br>
Very specifically: use tcpdump to verify that you see packets.<br>
You can do this from the firewall itself (to make sure the packets
are being sent).<br>
If you see packets leaving the firewall for the correct destination
(address, port and protocol), then use tcpdump on your syslog server
to check if the packets are arriving.<br>
<br>
(you can check this in either order - but you need to know for
certain the packets are arriving at the log server BEFORE you spend
any more time wondering what the problem is)<br>
<br>
If you don't know how to do this - take the opportunity and learn.
It is pretty straightforward and the skill will serve you well in
lots of future debugging.<br>
<br>
There is NO purpose in looking at the syslog configuration if you
are not absolutely sure the packets are arriving. <br>
<br>
(I have seen many instances where I thought the server was sending
logs when it simply was not)<br>
<br>
Good luck!<br>
Jim<br>
<br>
<div class="moz-cite-prefix">On 07/08/2014 07:27 AM, Riyas Ahamed
wrote:<br>
</div>
<blockquote
cite="mid:D3575540DD83E240B54E3F7C47C9030922CB1C82@INCHEAMVW081.ad.csscorp.com"
type="cite">
<pre wrap="">Hi,
I am using CentOS 6.5 operating system and syslog-ng version is 3.2.5.
I have connected two firewalls to syslog-ng server to poll the logs. But I can get the logs of one firewall, and the other firewall's logs are not polling into the syslog-ng server.
In this mail I have attached my syslog-ng configuration file and log results of syslog-ng.
Please help me to poll all types of logs from both the firewalls into the syslog-ng server.
Thanks
Riaz Ahmed
(9047166496)
________________________________________
From: <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a> [<a class="moz-txt-link-abbreviated" href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a>] on behalf of <a class="moz-txt-link-abbreviated" href="mailto:jrhendri@roadrunner.com">jrhendri@roadrunner.com</a> [<a class="moz-txt-link-abbreviated" href="mailto:jrhendri@roadrunner.com">jrhendri@roadrunner.com</a>]
Sent: Friday, July 04, 2014 6:24 PM
To: Syslog-ng users' and developers' mailing list; <a class="moz-txt-link-abbreviated" href="mailto:stuart.green@doccentrics.com">stuart.green@doccentrics.com</a>
Subject: Re: [syslog-ng] syslog problem
seriously - we are going to need more information to be any help.
what configuration?
what have you checked?
what results are you seeing ?
that said - at least you can check if the packets are getting to your syslog server with tcpdump.
Jim
---- Stuart Green <a class="moz-txt-link-rfc2396E" href="mailto:stuart.green@doccentrics.com">&lt;stuart.green@doccentrics.com&gt;</a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
With no information on the environment, or setup thus far all I can
suggest is:
Can you verify that the syslog-ng server is accepting connections
across your lan by doing some analysis with netcat?
<a class="moz-txt-link-freetext" href="http://www.rackspace.com/knowledge_center/article/testing-network-services-with-netcat">http://www.rackspace.com/knowledge_center/article/testing-network-services-with-netcat</a>
Regards,
Stuart
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
I have configured syslog-ng but I am not able to see logs of network
devices in syslog-ng server. Please help me to sort out the problem.
Regards,
**
*N.B.Riaz Ahmed*
<a class="moz-txt-link-freetext" href="http://www.csscorp.com/common/email-disclaimer.php">http://www.csscorp.com/common/email-disclaimer.php</a>
______________________________________________________________________________
Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
<br>
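<br>
The tcpdump check described in the reply above, as an added example that is not part of the original thread: a POSIX shell filter that reads tcpdump -nn text and reports which expected senders produced no packets for the syslog port.<br>
The addresses, the sample capture lines and UDP port 514 are constructed assumptions; the thread gives no addresses or port.<br>
<br>

```sh
#!/bin/sh
# Added example, not from the thread. Live use on the syslog server (needs root):
#   tcpdump -nn -l -c 200 -i any udp port 514 | missing_senders 192.0.2.10 192.0.2.20
# -nn keeps addresses and ports numeric so the "src > dst" fields can be matched.

# seen_senders [PORT]: read tcpdump -nn text on stdin and print each distinct
# IPv4 source address that sent a packet to destination port PORT (default 514).
seen_senders() {
    port="${1:-514}"
    awk -v port="$port" '
    {
        for (i = 1; i < NF; i++) if ($i == ">") {
            src = $(i - 1); dst = $(i + 1)
            sub(/:$/, "", dst)               # "198.51.100.5.514:" -> no colon
            n = split(dst, d, ".")
            if (d[n] != port) next           # packet is for another port
            if (split(src, s, ".") != 5) next  # expect a.b.c.d.sport (IPv4)
            print s[1] "." s[2] "." s[3] "." s[4]
            next
        }
    }' | sort -u
}

# missing_senders IP...: print every expected sender that never appears as a
# source for port 514 in the capture on stdin; return 1 if any is missing.
missing_senders() {
    seen="$(seen_senders 514)"
    rc=0
    for ip in "$@"; do
        if ! printf '%s\n' "$seen" | grep -qxF "$ip"; then
            printf '%s\n' "$ip"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed capture: firewall 192.0.2.10 delivers syslog to the server;
# firewall 192.0.2.20 is reachable but sends nothing to port 514.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.51514 > 198.51.100.5.514: SYSLOG local4.info, length: 120
12:00:01.500002 IP 192.0.2.10.51514 > 198.51.100.5.514: SYSLOG local4.warning, length: 98
12:00:02.000003 IP 192.0.2.20.40000 > 198.51.100.5.53: 1234+ A? example.com. (29)
EOF
}

sample_capture | missing_senders 192.0.2.10 192.0.2.20 ||
    echo "no syslog packets arrived from the hosts listed above"
```

A sender listed here has no packets arriving on the log server, so the next place to look is the firewall or the network path, not the syslog-ng configuration.<br>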
</body>
</html>