On 8/29/07, mailing list <sunlist@yahoo.com> wrote:
My syslog-ng is now running. However, I cannot get the client to forward its messages to the server. To be certain, I have disabled my firewall, on both the client and server side, but still get the below errors in /var/adm/messages. The client is logging normally in /var/adm/messages.
Aug 29 14:54:33 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10' Aug 29 14:54:43 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10' Aug 29 14:54:53 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10' Aug 29 14:54:59 client1 syslog-ng[18639]: Log statistics; dropped='tcp(AF_INET(w.x.y.z:5140))=0', processed='center(queued)=8844', processed='center(received)=4424', processed='destination(messages)=4420', processed='destination(loghost)=4420', processed='destination(syslog)=4', processed='source(src)=4424' Aug 29 14:55:03 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10'
looks like you have not configured a source listening on the ip w.x.y.z and port 5140 on the server which should receive the syslog messages .... and of course you are only using w.x.y.z and not a valid ip adress do not reveal the ip to us ;-) in the servers syslo-ng config you have to configure: source loghost { tcp( ip(w.x.y.z) port(5140)); }; ... don't hesitate to read the manual ... it's good ;-)
I have "destination loghost { tcp("w.x.y.z" port(5140)); };" in my syslog-ng.conf on the client1. Here's my complete syslog-ng.conf file on the client1 side.
options { long_hostnames(off); log_msg_size(8192); sync(1); log_fifo_size(2048); bad_hostname("^(ctld.|cmd|tmd|last)$"); time_reopen(10); };
source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
destination syslog { file("/var/log/syslog"); }; destination messages { file("/var/adm/messages"); }; destination loghost { tcp("w.x.y.z" port(5140)); };
filter f_mail { facility(mail); }; filter f_not_mail { not facility(mail); };
log { source(src); filter(f_mail); destination(syslog); }; log { source(src); filter(f_not_mail); destination(messages); };
Any help/pointer is greatly appreciated. Thank you.
____________________________________________________________________________________ Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html