<div dir="ltr"><div><div><div><div>Hi, <br><br></div>maybe you have SELinux or Apparmor enabled on the host that's preventing syslog-ng from writing to the specified destination?<br></div>See this post for pointers: <a href="https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/">https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/</a><br><br></div>HTH, <br><br></div>Robert<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 3, 2017 at 10:59 PM, vijay amruth <span dir="ltr"><<a href="mailto:vijayamruth@gmail.com" target="_blank">vijayamruth@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello all, hope you are all doing great.<div><br></div><div>I have set up syslog-ng on a host and I am able to see packets on tcpdump but syslog-ng is not wriiting to the specified paths.</div><div><br></div><div>I have checked firewall rules, filters, write permissions at the path. I have another host on the same VLAN with the same config that is able to receive packets and write to the destination.</div><div><br></div><div>what I am I missing ?</div><div><br></div><div><b>version used:</b></div><div><div>syslog-ng 3.9.1</div><div>Installer-Version: 3.9.1</div><div>Revision:</div><div>Module-Directory: /usr/local/lib/syslog-ng</div><div>Module-Path: /usr/local/lib/syslog-ng</div><div>Available-Modules: syslogformat,afsocket,affile,<wbr>afprog,afuser,afamqp,<wbr>afmongodb,csvparser,confgen,<wbr>system-source,linux-kmsg-<wbr>format,basicfuncs,cryptofuncs,<wbr>dbparser,json-plugin,afstomp,<wbr>pseudofile,graphite,sdjournal,<wbr>kvformat,date,cef,disk-buffer,<wbr>add-contextual-data</div><div>Enable-Debug: off</div><div>Enable-GProf: off</div><div>Enable-Memtrace: off</div><div>Enable-IPv6: on</div><div>Enable-Spoof-Source: off</div><div>Enable-TCP-Wrapper: off</div><div>Enable-Linux-Caps: off</div></div><div><br></div><div><br></div><div>syslog-ng -Fvde shows :</div><div>[2017-08-03T13:57:20.214552] Module loaded and initialized successfully; module='syslogformat'</div><div><br></div><div>Any help is appreciated.</div><div><br></div><div><br></div><div><div class="m_4570010214491925852gmail_signature"><div dir="ltr"><div>Thanks,<div>Vijay Amrut.</div></div></div></div>
</div></div>
<br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>