Sorry for the confusion. I was testing different ports and forgot to change it back. This is not the problem. "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD" wrote:
Sim,
I have just a couple of other questions.
What is the address of your loghost and the address of the clients? I'm looking at your two configs and I want to make sure that the destination for the problem machine is ok. Do you have a 192.168.1.19 host on your network and is it listening for tcp connections on port 514? In the loghost config you reference a source of 192.168.1.1 which tells me that your loghost is 192.168.1.1. If you are trying to establish a connection to a host using the tcp/ip you also need to make sure that the host is listening for tcp/ip connections. The loghost config is listening for tcp/ip on 192.168.1.1 port 10001 and you are trying to make a tcp connection with 192.168.1.19 on port 514. Is this what you are intending, if so this won't work. Change your destination in your client to read destination d_bg {tcp("192.168.1.1:10001") }; That should at least let you log to that loghost.
Regards, Drew
This rule seems to work but it still isn't logging anything over the network. Will syslog and syslog-ng conflict if they are both running? Does klogd need to be restarted if I want to use syslog-ng? I think that this rule will work. Didn't give any errors. thanks, sim Balazs Scheidler wrote:
What is the address of your loghost and the address of the clients? I'm looking at your two configs and I want to make sure that the destination for the problem machine is ok. Do you have a 192.168.1.19 host on your network
and is it listening for tcp connections on port 514? In the loghost config
you reference a source of 192.168.1.1 which tells me that your loghost is 192.168.1.1. If you are trying to establish a connection to a host using the tcp/ip you also need to make sure that the host is listening for tcp/ip
connections. The loghost config is listening for tcp/ip on 192.168.1.1 port 10001 and you are trying to make a tcp connection with 192.168.1.19 on port
514. Is this what you are intending, if so this won't work. Change your destination in your client to read destination d_bg {tcp("192.168.1.1:10001") }; That should at least let you log to that loghost.
destination d_bg { tcp("192.168.1.19:514"); };
destination tcp drivers should look like this:
destination d_bg { tcp("192.168.1.19" port(514)); };
-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng