Could also be tcp wrappers if the destination host is a syslog-ng server. I got "hit" by this as the build changed somewhere around 2.0.3 to default to using tcpwrappers, or perhaps that is when that feature was added. I upgraded my central server, and lost all logging :-( Anyhow, it was easy to configure the /etc/hosts.allow file. Evan. mailing list wrote:
My syslog-ng is now running. However, I cannot get the client to forward its messages to the server. To be certain, I have disabled my firewall, on both the client and server side, but still get the below errors in /var/adm/messages. The client is logging normally in /var/adm/messages.
Aug 29 14:54:33 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10' Aug 29 14:54:43 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10' Aug 29 14:54:53 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10' Aug 29 14:54:59 client1 syslog-ng[18639]: Log statistics; dropped='tcp(AF_INET(w.x.y.z:5140))=0', processed='center(queued)=8844', processed='center(received)=4424', processed='destination(messages)=4420', processed='destination(loghost)=4420', processed='destination(syslog)=4', processed='source(src)=4424' Aug 29 14:55:03 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10'
I have "destination loghost { tcp("w.x.y.z" port(5140)); };" in my syslog-ng.conf on the client1. Here's my complete syslog-ng.conf file on the client1 side.
options { long_hostnames(off); log_msg_size(8192); sync(1); log_fifo_size(2048); bad_hostname("^(ctld.|cmd|tmd|last)$"); time_reopen(10); };
source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
destination syslog { file("/var/log/syslog"); }; destination messages { file("/var/adm/messages"); }; destination loghost { tcp("w.x.y.z" port(5140)); };
filter f_mail { facility(mail); }; filter f_not_mail { not facility(mail); };
log { source(src); filter(f_mail); destination(syslog); }; log { source(src); filter(f_not_mail); destination(messages); };
Any help/pointer is greatly appreciated. Thank you.
____________________________________________________________________________________ Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html