PS I restarted syslog-ng on one client system in the hope that it would prevent the client having issues – it made no difference.
Ian
Ian Cottington-Bray | Senior Infrastructure Engineer – Linux/Unix | McLaren Technology Group Limited
McLaren Technology Centre, Chertsey Road, Woking, Surrey GU21 4YH, UK
T: +44 (0) 1483 261 900
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Cottington-Bray, Ian
Sent: 27 April 2016 12:07
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Switching the syslog-ng central server - client messages go missing
Thanks for the feedback – had to wait for a period to test again.
Comments below
Ian Cottington-Bray | Senior Infrastructure Engineer – Linux/Unix | McLaren Technology Group Limited
McLaren Technology Centre, Chertsey Road, Woking, Surrey GU21 4YH, UK
T: +44 (0) 1483 261 900D: +44 (0) 1483 262 357
E: ian.cottington-bray@mclaren.com
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: 21 April 2016 10:33
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Switching the syslog-ng central server - client messages go missing
hmm... couple of things come to mind, not all syslog-ng related:
1) are those messages actually arriving on the host (check with tcpdump)
Sometimes – I see network packets being sent some of the time (by the client) but not always
2) is the local firewall letting them through?
There is no firewall on this network
3) is syslog-ng bound to a specific ip/port or it is bound to 0.0.0.0? (check that with netstat)
Specific IP/port (514) – several IPs in fact
4) you should be able to use telnet/netcat on the client host to check if the port on the solaris11 box is open
The port is open
5) if all else fails, check the syslog-ng config, but that shouldn't be a problem
It looks OK to me ..
It almost looks like the client systems don’t send all the time – which is VERY strange and I’m struggling to understand why. The client systems seem to send a few messages immediately after syslog-ng starts on the central server and then stop sending …
If I shutdown the new server and bring up the old one the messages start appearing in the logs as I would expect.
Any suggestions ?
Bazsi
--
Bazsi
On Wed, Apr 20, 2016 at 4:51 PM, Cottington-Bray, Ian <ian.cottington-bray@mclaren.com> wrote:
Hi
I have a Solaris 10 server running version 3.0 of syslog-ng.
I have built a new server running Solaris 11 with version 3.6 of syslog-ng installed.
I have tested the new server by pointing another client at it and messages appear in the configured files as expected.
I then shut down the Solaris 10 server – change the Solaris 11 server IP configuration to match the details for the Solaris 10 server – restart syslog-ng on the Solaris 11 server. Things seem to be working ok – except for the (Solaris and Linux) clients using syslog-ng (and referencing the central syslog-ng server by IP) their messages do not arrive at the expected files.
Any suggestions ?
Ian
Ian Cottington-Bray | Senior Infrastructure Engineer – Linux/Unix | McLaren Technology Group Limited
McLaren Technology Centre, Chertsey Road, Woking, Surrey GU21 4YH, UK
T: +44 (0) 1483 261 900D: +44 (0) 1483 262 357
E: ian.cottington-bray@mclaren.com
The contents of this e-mail are confidential and for the exclusive use of the intended recipient. If you are not the intended recipient you should not read, copy, retransmit or disclose its contents. If you have received this email in error please delete it from your system immediately and notify us either by email or telephone. The views expressed in this communication may not necessarily be the views held by McLaren Technology Group Limited.
McLaren Technology Group Limited | McLaren Technology Centre | Chertsey Road | Woking | Surrey | GU21 4YH | UK | Company Number: 01967715
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
The contents of this e-mail are confidential and for the exclusive use of the intended recipient. If you are not the intended recipient you should not read, copy, retransmit or disclose its contents. If you have received this email in error please delete it from your system immediately and notify us either by email or telephone. The views expressed in this communication may not necessarily be the views held by McLaren Technology Group Limited.
McLaren Technology Group Limited | McLaren Technology Centre | Chertsey Road | Woking | Surrey | GU21 4YH | UK | Company Number: 01967715
The contents of this e-mail are confidential and for the exclusive use of the intended recipient. If you are not the intended recipient you should not read, copy, retransmit or disclose its contents. If you have received this email in error please delete it from your system immediately and notify us either by email or telephone. The views expressed in this communication may not necessarily be the views held by McLaren Technology Group Limited.
McLaren Technology Group Limited | McLaren Technology Centre | Chertsey Road | Woking | Surrey | GU21 4YH | UK | Company Number: 01967715
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq