I guess I wasn’t patient enough to try on one of our production boxes that does generate messages.  I see the messages coming in now. But thanks for all the help.

 

Maunir Shah

 

From: Shah, Maunir
Sent: Friday, June 16, 2006 2:47 PM
To: Shah, Maunir; 'syslog-ng@lists.balabit.hu'
Subject: RE: Syslog-ng not logging anything from Solaris host

 

telnet uses tcp, whereas syslogd uses udp by default, so the traffic
might still be blocked by a firewall.
 
Regarding your response for telnet, we had tcp and udp protocol enabled for syslog-ng when we tested to make sure firewall is not blocking it.  But, since default solaris syslog uses udp I took out tcp to test and no logging whatsoever.  When I run a snoop on syslog-ng server I don’t even see any kind of packets coming in when I run logger –p on the test host.  Does anyone know if my syslog.conf file on the test box is right or wrong?  Maybe that’s what is causing it to not send anything.
 
Thanks
 

Maunir Shah

 

From: Shah, Maunir
Sent: Friday, June 16, 2006 11:37 AM
To: 'syslog-ng@lists.balabit.hu'
Subject: Syslog-ng not logging anything from Solaris host

 

I’m running syslog-ng 1.6.11 on Solaris 10 zone, and so far I’m able to see logs being created locally but I’m not seeing any kind of logging from other Solaris host.  For my syslog-ng server I made sure that I’m using udp and for source its door.  I’ve two test servers running Solaris 8 and 10 that I’m testing from and have changed syslog.conf to reflect the changes and point all my logs to go to syslog-ng.  It’s not the firewall that is blocking it as we are able to telnet to port 514 and whatever you type in the cmd prompt it records it on the syslog-ng server.  I know I’m missing something in the config file but not sure what I’m doing wrong.

 

My syslog-ng.conf file

 

source s_dgram

 { sun-streams ("/dev/log" door("/etc/.syslog_door")); };

 

source s_internal

  { internal(); };

 

#source s_kernel

#  { pipe("/proc/kmsg" log_prefix("kernel: ")); };

 

#source s_tcp

#  { tcp(ip(10.1.100.84)port(514) keep-alive(yes) max_connections(100)); };

 

source s_udp

  { udp(); };

 

Solaris 8 box syslog.conf file

 

#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */

#

# Copyright (c) 1991-1998 by Sun Microsystems, Inc.

# All rights reserved.

#

# syslog configuration file.

#

# This file is processed by m4 so be careful to quote (`') names

# that match m4 reserved words.  Also, within ifdef's, arguments

# containing commas must be quoted.

#

*.*                                             @loghost

 

Maunir Shah

630-285-5875 - desk

630-550-6266 - cell

 

******************************* IMPORTANT MESSAGE ******************************
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying, distribution, 
or use of the information contained herein (including any reliance thereon) is 
STRICTLY PROHIBITED. If you received this transmission in error, please 
immediately contact the sender and destroy the material in its entirety, whether
in electronic or hard copy format. Thank you.
********************************************************************************