OK - The best advice I can give is to try and narrow down what the difference is between the system whose logs you are seeing and the one you are not.
One point from your note - your server is not "polling" logs (that is - it is not sending packets to the firewalls to retrieve the data). A syslog process is *sending* logs to your server, so before you do anything else:
First - make certain the logs are actually leaving the server that you don't see. Very specifically: use tcpdump to verify that you see packets. You can do this from the firewall itself (to make sure the packets are being sent).
If you see packets leaving the firewall for the correct destination (address, port and protocol) then use tcpdump on your syslog server to check if the packets are arriving. (You can check this in either order - but you need to know for certain the packets are arriving at the log server BEFORE you spend any more time wondering what the problem is.)
If you don't know how to do this - take the opportunity and learn. It is pretty straightforward and the skill will serve you well in lots of future debugging.
There is NO purpose in looking at the syslog configuration if you are not absolutely sure the packets are arriving. (I have seen many instances where I thought the server was sending logs when it simply was not.)
Good luck!
Jim
On 07/08/2014 07:27 AM, Riyas Ahamed wrote:
Hi,
I am using the CentOS 6.5 operating system and the syslog-ng version is 3.2.5.
I have connected two firewalls to the syslog-ng server to poll the logs. I can get the logs of one firewall, but the other firewall's logs are not polling into the syslog-ng server.
In this mail I have attached my syslog-ng configuration file and the log results of syslog-ng.
Please help me to poll all types of logs from both firewalls into the syslog-ng server.
Thanks,
Riaz Ahmed (9047166496)
________________________________________
From: syslog-ng-bounces@lists.balabit.hu [syslog-ng-bounces@lists.balabit.hu] on behalf of jrhendri@roadrunner.com [jrhendri@roadrunner.com]
Sent: Friday, July 04, 2014 6:24 PM
To: Syslog-ng users' and developers' mailing list; stuart.green@doccentrics.com
Subject: Re: [syslog-ng] syslog problem
Seriously - we are going to need more information to be any help. What configuration? What have you checked? What results are you seeing?
That said - at least you can check if the packets are getting to your syslog server with tcpdump.
Jim
---- Stuart Green <stuart.green@doccentrics.com> wrote:
Hi,
With no information on the environment or setup thus far, all I can suggest is:
Can you verify that the syslog-ng server is accepting connections across your LAN by doing some analysis with netcat?
http://www.rackspace.com/knowledge_center/article/testing-network-services-w...
Regards, Stuart
Hi,
I have configured syslog-ng but I am not able to see the logs of network devices on the syslog-ng server. Please help me to sort out the problem.
Regards,
*N.B.Riaz Ahmed*
http://www.csscorp.com/common/email-disclaimer.php
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
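Added example, not part of the thread: one way to turn the tcpdump check described in the first reply into a per-firewall answer is to summarise a capture taken on the log server by source address. The function names, the `eth0` interface, port 514 and the 192.0.2.x addresses are assumptions, and the sample capture is constructed.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -nn` text output by sender.
# Capture on the log server with something like (interface is an assumption):
#   tcpdump -nn -i eth0 port 514 > capture.txt

# count_senders SERVER_IP PORT < tcpdump-output
# Prints "source_ip packet_count" for packets addressed to SERVER_IP:PORT.
count_senders() {
    awk -v dst="$1.$2:" '
        $2 == "IP" && $4 == ">" && $5 == dst {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # drop the source port
            n[src]++
        }
        END { for (s in n) print s, n[s] }
    ' | sort
}

# missing_senders SERVER_IP PORT EXPECTED_IP... < tcpdump-output
# Prints each expected sender that has no matching packet in the capture.
missing_senders() {
    server=$1 port=$2
    shift 2
    seen=$(count_senders "$server" "$port" | cut -d' ' -f1)
    for ip in "$@"; do
        printf '%s\n' "$seen" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# Constructed sample capture (documentation addresses, not from the thread).
# The second firewall is sending to port 5140, so it never reaches port 514.
SAMPLE='07:27:01.000001 IP 192.0.2.11.40001 > 192.0.2.50.514: SYSLOG local4.info, length: 118
07:27:02.000002 IP 192.0.2.11.40001 > 192.0.2.50.514: SYSLOG local4.warning, length: 96
07:27:03.000003 IP 192.0.2.12.40002 > 192.0.2.50.5140: UDP, length 101
07:27:04.000004 IP 192.0.2.50.22 > 192.0.2.99.51000: Flags [P.], length 64'

printf '%s\n' "$SAMPLE" | count_senders 192.0.2.50 514
printf '%s\n' "$SAMPLE" | missing_senders 192.0.2.50 514 192.0.2.11 192.0.2.12
```

A sender listed by `missing_senders` has no packets arriving at the expected address and port, which points at the firewall's log destination settings or the network path rather than at the syslog-ng configuration.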