Hi, Another application is listening on the udp 514 port, that's why syslog-ng cannot bind on it. You should stop this application before starting syslog-ng. typically, it is the rshd on the most platforms. You can check it with lsof (lsof -i udp:514) or netstat (for more details see my blog: http://pzolee.blogs.balabit.com/2010/03/troubleshooting-on-linux-best-practi...) abhay singh wrote:
Hi All I am configuring syslog-ng confile to receive logs from different m/c of network. I have added these in my syslog-ng.conf file source s_external { udp(ip("xxx.xxx.xxx.xxx") port(514)); }; destination s_external { file("/mydir/syslogs/$HOST_syslog.log" \ owner(user) group(group) perm(0600) dir_perm(0700) create_dirs(yes)); };
log { source(s_external); destination(s_external); };
Also made entry in iptable iptables -A INPUT -p udp -i eth1 -s xxx.xxx.xxx.xxx -d yyy.yyy.yyy.yyy --dport 514 -j ACCEPT
When i restart syslog service it gives this error /etc/init.d/syslog restart Shutting down syslog services done Re-Starting syslog servicesio.c: bind_inet_socket() bind failed xxx.xxx.xxx.xxx:514 Cannot assign requested address Error initializing configuration, exiting. \\startproc <file://startproc/>: exit status of parent of /sbin/syslog-ng: 1 failed
What is wrong in this? -- Regards.. Abhay Singh.. ------------------------------------------------------------------------
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- pzolee