lists@grounded.net wrote on 03/07/2008 08:44 :
What does the default syslog-ng installation use, tcp or udp? The
I'm not sure about a default, however in our configuration we have:

source src_udp { udp(ip(x.x.x.x) port(514)); };
source src_tcp { tcp(ip(x.x.x.x) port(514) max-connections(250) tcp-keep-alive(yes)); };

So in this case our server listens on port 514/udp and on 54/tcp, on the specified IP address (x.x.x.x).

I don't look after the firewalls, however I'm fairly certain that they use UDP by default. That's certainly how we're receiving the logs.
netscreen can't seem to reach the syslog-ng server but it can reach my other linux syslog servers.
Is there a blockage in the network somewhere? Our NetScreens log via their management interface, so the log server has a presence on both the management and production networks. (So we actually have two sets of the 'source ...' lines above in the config - one for an IP on the production network and one for an IP on the management network.)

Phil
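
An added example, not part of Phil's message and not syslog-ng project code: a small Python check that lists the udp()/tcp() listeners declared in a syslog-ng config and tests whether a sender's protocol, destination IP and port match one of them. The config text and addresses are constructed, the function names are hypothetical, and an omitted ip() is assumed to mean all addresses.

```python
import re

# Constructed sample config; addresses are documentation-range placeholders.
SAMPLE_CONF = """
source src_udp { udp(ip(192.0.2.10) port(514)); };
source src_tcp {
    tcp(ip(192.0.2.10) port(514) max-connections(250) tcp-keep-alive(yes));
};
source src_mgmt_udp { udp(ip(198.51.100.10) port(514)); };  # management network
"""

SOURCE_RE = re.compile(r"\bsource\s+(\S+)\s*\{(.*?)\}\s*;", re.S)
# A udp(...) or tcp(...) driver whose options nest one level of parentheses.
DRIVER_RE = re.compile(r"\b(udp|tcp)\s*\(((?:[^()]|\([^()]*\))*)\)")
OPTION_RE = re.compile(r"\b(ip|port)\s*\(\s*([^()\s]+)\s*\)")


def listeners(conf):
    """Return (source, proto, ip, port) for every udp()/tcp() source driver."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    found = []
    for name, body in SOURCE_RE.findall(conf):
        for proto, opts in DRIVER_RE.findall(body):
            o = {k: v.strip("\"'") for k, v in OPTION_RE.findall(opts)}
            port = int(o["port"]) if o.get("port", "").isdigit() else None
            found.append((name, proto, o.get("ip"), port))
    return found


def accepting_sources(found, proto, dst_ip, port):
    """Names of sources that would receive this sender's traffic."""
    return [
        name for name, l_proto, l_ip, l_port in found
        if l_proto == proto and l_port == port
        and l_ip in (None, "0.0.0.0", dst_ip)  # assumption: no ip() = all addresses
    ]


if __name__ == "__main__":
    found = listeners(SAMPLE_CONF)
    for row in found:
        print("%-14s %s %s:%s" % row)
    # A firewall logging over UDP to the management address is covered...
    print(accepting_sources(found, "udp", "198.51.100.10", 514))
    # ...but the same sender switched to TCP has no listener on that address.
    print(accepting_sources(found, "tcp", "198.51.100.10", 514))
```

An empty result for the sender's protocol and destination address means the listener is missing from the config, which is worth ruling out before looking for a block in the network.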