Hi,

maybe you have SELinux or AppArmor enabled on the host that's preventing syslog-ng from writing to the specified destination? See this post for pointers: https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/

HTH,
Robert

On Thu, Aug 3, 2017 at 10:59 PM, vijay amruth <vijayamruth@gmail.com> wrote:
Hello all, hope you are all doing great.
I have set up syslog-ng on a host and I am able to see packets on tcpdump but syslog-ng is not writing to the specified paths.
I have checked firewall rules, filters, write permissions at the path. I have another host on the same VLAN with the same config that is able to receive packets and write to the destination.
What am I missing?
*version used:*

syslog-ng 3.9.1
Installer-Version: 3.9.1
Revision:
Module-Directory: /usr/local/lib/syslog-ng
Module-Path: /usr/local/lib/syslog-ng
Available-Modules: syslogformat,afsocket,affile,afprog,afuser,afamqp,afmongodb,csvparser,confgen,system-source,linux-kmsg-format,basicfuncs,cryptofuncs,dbparser,json-plugin,afstomp,pseudofile,graphite,sdjournal,kvformat,date,cef,disk-buffer,add-contextual-data
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: off

syslog-ng -Fvde shows:

[2017-08-03T13:57:20.214552] Module loaded and initialized successfully; module='syslogformat'
Any help is appreciated.
Thanks, Vijay Amrut.