On Sat, Dec 21, 2002 at 10:43:37PM -0800, Richard E. Perlotto II wrote:
I have a set of Mandrake 9.0 boxes all running the latest version of syslog-ng (1.5.24). I have a centralized log server that is receiving logs from a variety of udp and tcp (syslog-ng) sources. All but one of the devices is able to log to the log server. The error that I get from that one server is:
Error connecting to remote host AF_INET(10.1.1.1:5100), reattempting in 10 seconds
Now I know that packet is getting there because I can look at an ACL from a router that sits between them:
Dec 21 22:25:16 router1/router1 1553: Dec 21 22:28:09.816 pst: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.1.1.1(32830) (FastEthernet1/0 0030.4841.12a4) -> 10.2.1.1(5100), 1 packet
This same log server is also successfully receiving tcp logs from other syslog-ng servers without a problem and one of these is on the same subnet as the one that is having the problem connecting.
I'd think it is some kind of TCP problem, try tcpdumping the traffic on your syslog host (either the client or the server). ECN might be blocked for instance. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1