On Wed, Nov 19, 2003 at 08:53:51AM -0600, Daniel Flick wrote:
On Tue, 2003-11-18 at 03:06, Balazs Scheidler wrote:
On Mon, Nov 17, 2003 at 02:56:49PM -0600, Daniel Flick wrote:
I have been beating my head against a wall getting this to work but no joy. Syslog-ng is running and logging on the local system but no remote logs are being saved. Devices in question are PIX firewalls and NetCache proxies.
Have you checked whether syslog-ng is actually receiving messages?
tcpdump and strace would help here.
tcpdump shows that the firewalls are contacting the machine.
I was not able to get anything of value with "strace syslog-ng". I am new to this tool so I may not be using it right. This is the only error I could find but I don't know what that means.
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
Check the pid of the syslog-ng process as it is running in the background, and attach to it using strace:

    strace -s 256 -o /tmp/syslog-ng.trace -p <syslog-ng pid>

Run it for a couple of seconds, to let your firewall send syslog messages. Then grep the file /tmp/syslog-ng.trace for the string "recvfrom". Each received message should have a corresponding recvfrom() call. If you can't see anything, either syslog-ng is not correctly bound, or your packet filter drops syslog traffic.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
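The recvfrom check described in the reply above, as an added example that is not part of the original thread: a shell script that counts successful recvfrom() calls carrying an IPv4 sender address in the strace output file and groups them by sender. The function names and the sample trace lines (documentation addresses 192.0.2.x) are constructed for illustration; pass the real trace file as the first argument.

```shell
#!/bin/sh
# Added example: summarise an "strace -o" file to see whether remote syslog
# datagrams actually reached the traced process.

# Constructed sample trace, used only when no trace file is given.
write_sample_trace() {
    cat > "$1" <<'EOF'
recvfrom(3, "<13>constructed local message", 1024, 0, NULL, NULL) = 29
recvfrom(4, "<134>constructed firewall message", 1024, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("192.0.2.10")}, [16]) = 33
recvfrom(4, "<134>constructed firewall message", 1024, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("192.0.2.10")}, [16]) = 33
recvfrom(4, "<134>constructed proxy message", 1024, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("192.0.2.20")}, [16]) = 30
recvfrom(4, 0x7ffc0000, 1024, 0, 0x7ffc0100, 0x7ffc0200) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=4, events=POLLIN}], 1, -1) = 1
EOF
}

# Number of successful recvfrom() calls that carry an IPv4 sender address.
# 0 means nothing remote arrived: check the bind address and the packet filter.
remote_recvfrom_count() {
    awk '/^recvfrom\(.*\) = [0-9]+$/ && /inet_addr\("/ { n++ }
         END { print n + 0 }' "$1"
}

# Print "<count> <sender-ip>" per sender, so each firewall or proxy that is
# expected to log can be ticked off against the list.
recvfrom_by_sender() {
    awk '/^recvfrom\(.*\) = [0-9]+$/ && /inet_addr\("/ {
             ip = $0
             sub(/.*inet_addr\("/, "", ip)   # greedy: keeps the sockaddr, not message text
             sub(/".*/, "", ip)
             seen[ip]++
         }
         END { for (ip in seen) print seen[ip], ip }' "$1" | sort -k2
}

trace=${1:-}
if [ -z "$trace" ]; then
    trace=$(mktemp)
    write_sample_trace "$trace"
fi
echo "remote messages received: $(remote_recvfrom_count "$trace")"
recvfrom_by_sender "$trace"
```

Failed calls (return value -1) and calls without an IPv4 sender are deliberately excluded, so local log traffic does not mask missing remote traffic.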