Solved the issue.. even though I upgraded to syslog-ng from sysklogd, the sysklod process was still running and one service (stunnel) was stuck logging to it. Essentially both services were writing to /var/log/messages. Yuck. Solved that in our config management system so it wont happen again. —Matt On Apr 8, 2011, at 11:52 AM, Balazs Scheidler wrote:
Hi,
On Fri, 2011-04-08 at 11:22 -0700, Matt Wise wrote:
I'm doing some logging from clients -> servers via syslog-ng over a TCP session with stunnel. On my client, I'm seeing some log messages come in that are not making it to the server.. reliably. I don't have any filtering setup I don't think — is there some default setting somewhere that I don't know about that only passes certain types of messages to the remote dest? Do I need to specify somewhere 'send all'?
Can I ask why you are using stunnel instead of the built-in SSL support in syslog-ng?
Whats quite strange is that I have the hosts logging to 2 systems right now.. old syslog-ng server, and new one. The old one is getting all of the messages, but the new one is ignoring messages like these:
Apr 8 18:21:43 xxx stunnel: LOG5[5459:1079724352]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
It seems to get all other messages.. but messages that have that LOG5 or LOG3 or LOG7 appended to them seem to get lost in translation... any ideas?
this sounds like a strange bug to me, if it is indeed a bug. can you check that:
1) the messages in question really reach syslog-ng (running syslog-ng in foreground and in debug mode will tell you what it did receive)
2) if they do, then it's probably with the configuration
3) if they don't, then it's a client issue.
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html