Ok, I copied the the Solaris 8 libnet-config file to the /tmp/foo folder on Solaris 9. I then ran: LD_LIBRARY_PATH=/tmp/foo:$LD_LIBRARY_PATH truss /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -F & I get the same result... Whenever I apply the spoof_source(yes) to the config I do not get any messages forwarded to the destination. If I remove the spoof_source(yes) messages flow but with the source IP address from the syslog-ng server... The truss output is quite huge! Is there any piece of the truss output that would help me to troubleshoot this? Is libnet-config the only thing I need or do I need something in addition to libnet-config? Thanks for all of your help! On 10/13/05, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Tue, 2005-10-11 at 22:50 -0400, Chance Ellis wrote:
Nate,
Thanks for replying. I did try that but I get the same results... UDP destinations work until I add the spoof_source to the destination.
How does the spoof_source work? Does it call some external library that I have the wrong version of on the Solaris9 boxes? What about lex? I also ran debug on the syslog-ng runtime and it just spews a bunch of senseless info. Might it be helpful if I post that?
it uses libnet to generate output packets. you might try to truss syslog-ng as it tries to send a spoofed source packet and see what it does.
-- Bazsi
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html