Hi Anatoly,
I appreciate the trust you bestowed on me by sending me the bundle.
From a syslog-ng perspective your setup looks all sane, and I couldn't spot any problems.
Upon checking the debug logs, I saw that syslog-ng did not report either of the incoming UDP packets as "Incoming messages" even though they were recorded in the pcap file.
Given that SELinux is disabled, and your firewall rules are all ALLOW, there are very few things that could prevent the reception of the messages.
That led me to suspect a networking problem: a routing issue.
You seem to have two interfaces active: A and B.
A has a single IP configured, and B has two.
Only two locally connected networks are present in the routing table, and a default route that points to a host located in the subnet that interface A is connected to.
The problem is that the packets arrive at interface B, and the IP address they arrive from should be in the direction of interface A, at least from a routing perspective.
Due to this the kernel will silently discard these packets.
In order to fix this I would recommend that you review your routing table, or reconfigure your setup so that these packets arrive at interface A's configured IP address.
If you want to verify this theory of mine, I can point you to the following article on how to make the kernel log these unroutable packets:
Best Regards,
János
--
LinkedIn: linkedin.com/in/janosszigetvari
__@__˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp
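
The routing check described in the message above, modelled as an added example that is not part of the original e-mail. It assumes the silent discard is Linux reverse-path filtering (the `rp_filter` sysctl in strict mode), which the message does not name; the interface names, prefixes and addresses are constructed.

```python
import ipaddress

# Constructed routing table mirroring the layout in the message: two connected
# networks plus a default route via interface A. Names and prefixes are made up.
ROUTES = [
    ("192.0.2.0/24", "ifA"),     # connected network on interface A
    ("198.51.100.0/24", "ifB"),  # connected network on interface B
    ("0.0.0.0/0", "ifA"),        # default route, gateway sits in A's subnet
]

def route_lookup(addr, routes=ROUTES):
    """Longest-prefix match: interface the kernel would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def rpf_verdict(src, ingress, mode=1, routes=ROUTES):
    """Model of rp_filter: 0 = off, 1 = strict, 2 = loose."""
    if mode == 0:
        return "accept"
    back = route_lookup(src, routes)
    if back is None:
        return "drop"    # no route back to the source at all
    if mode == 2 or back == ingress:
        return "accept"  # loose: any route back; strict: same interface
    return "drop"        # strict: reply would leave via another interface

def audit(packets, mode=1):
    """Return (source, ingress, route-back interface, verdict) per packet."""
    return [(s, d, route_lookup(s), rpf_verdict(s, d, mode)) for s, d in packets]

# Constructed packets: (source IP, interface the capture saw them on)
PACKETS = [
    ("203.0.113.50", "ifB"),  # remote sender arriving on B, route back is via A
    ("198.51.100.7", "ifB"),  # neighbour on B's own subnet
    ("203.0.113.50", "ifA"),  # same remote sender arriving on A
]

if __name__ == "__main__":
    for src, dev, back, verdict in audit(PACKETS):
        print(f"{src:>15} in={dev} route-back={back} -> {verdict}")
```

On a live host, `ip route get <source address>` shows the interface the kernel would reply through, which can be compared with the interface seen in the capture.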