Ok,
 
I copied the the Solaris 8 libnet-config file to the /tmp/foo folder on Solaris 9. I then ran:

LD_LIBRARY_PATH=/tmp/foo:$LD_LIBRARY_PATH truss /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -F &

I get the same result... Whenever I apply the spoof_source(yes) to the config I do not get any messages forwarded to the destination. If I remove the spoof_source(yes) messages flow but with the source IP address from the syslog-ng server...
 
The truss output is quite huge! Is there any piece of the truss output that would help me to troubleshoot this? Is libnet-config the only thing I need or do I need something in addition to libnet-config?
 
Thanks for all of your help!


 
On 10/13/05, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Tue, 2005-10-11 at 22:50 -0400, Chance Ellis wrote:
> Nate,
>
> Thanks for replying. I did try that but I get the same results... UDP
> destinations work until I add the spoof_source to the destination.
>
> How does the spoof_source work? Does it call some external library
> that I have the wrong version of on the Solaris9 boxes? What about
> lex? I also ran debug on the syslog-ng runtime and it just spews a
> bunch of senseless info. Might it be helpful if I post that?

it uses libnet to generate output packets. you might try to truss
syslog-ng as it tries to send a spoofed source packet and see what it
does.

--
Bazsi

_______________________________________________
syslog-ng maillist  -   syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html