I can't get syslog-ng to listen on port 514 using the tcp or udp sources.
First, I have defined entries in /etc/services as follows:
syslog-ng-udp 514/udp syslog
syslog-ng-tcp 514/tcp syslog
I have of course disabled the default system-log service.
The following two I can't get to work/listen (verifying this with netstat -a):
source s_udp { udp(port(514)); };
source s_tcp { tcp(port(514)); };
I can get it to listen with the following:
source s_syslog { syslog( transport("udp") port(514) ); };
OR
source s_syslog { syslog( transport("tcp") port(514) ); };
# netstat -a
UDP: IPv4
Local Address        Remote Address       State
-------------------- -------------------- ----------
*.syslog-ng-udp                           Idle
However, syslog-ng doesn't seem to be doing anything with this. I can see
the syslog message when snooping the interface on my syslog-ng server:
root@log01:~# snoop -d nge0 udp port 514
Using device nge0 (promiscuous mode)
ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:22:08
ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:11
ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:17
Here is the catch-all log statement I am using:
destination r_messages { file ("/var/adm/messages_test"); };
log { source (s_syslog); destination (r_messages); };
Anyone have any ideas?
Thx,
CC