Here are the configs. I have added as an attachment the strace output files using "strace -f -ff -o localfile syslog-ng". This is the config for the problem conputers. options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (on); use_dns (no); use_fqdn (no); create_dirs (yes); keep_hostname (yes); }; source s_sys { unix-stream ("/dev/log"); internal(); }; destination d_cons { file("/var/log/ng/kern.log"); }; destination d_mesg { file("/var/log/ng/messages"); }; destination d_auth { file("/var/log/ng/secure"); }; destination d_mail { file("/var/log/ng/maillog"); }; destination d_spol { file("/var/log/ng/spooler"); }; destination d_boot { file("/var/log/ng/boot.log"); }; destination d_mlal { file("/var/log/ng/emerg.log"); }; destination d_bg { tcp("192.168.1.19:514"); }; destination d_sshd { file("/var/log/ng/sshd.log"); }; filter f_filter1 { facility(kern); }; filter f_filter2 { level(info); }; filter f_filter3 { facility(authpriv); }; filter f_filter4 { facility(mail); }; filter f_filter5 { level(emerg); }; filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); }; filter f_tcplog { level(debug); }; filter f_sshd { match("sshd"); }; log { source(s_sys); filter(f_filter1); destination(d_cons); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_auth); }; log { source(s_sys); filter(f_filter4); destination(d_mail); }; log { source(s_sys); filter(f_filter5); destination(d_mlal); }; log { source(s_sys); filter(f_filter6); destination(d_spol); }; log { source(s_sys); filter(f_tcplog); destination(d_bg); }; log { source(s_sys); filter(f_sshd); destination(d_sshd); }; This is the logserver config options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (on); use_dns (no); use_fqdn (no); create_dirs (yes); keep_hostname (yes); }; source s_sys { unix-stream ("/dev/log"); internal(); }; source s_tcp { tcp (ip(192.168.1.1) port(10001)); }; destination d_cons { file("/var/log/ng/kernel"); }; destination d_mesg { file("/var/log/ng/messages"); }; destination d_auth { file("/var/log/ng/secure"); }; destination d_mail { file("/var/log/ng/maillog"); }; destination d_spol { file("/var/log/ng/spooler"); }; destination d_boot { file("/var/log/ng/boot.log"); }; destination d_mlal { file("/var/log/ng/emerg.log"); }; destination d_pptp { file("/var/log/ng/pptpd.log"); }; destination d_daemon { file("/var/log/ng/daemon.log"); }; destination d_firewall { file("/var/log/ng/firewall.log"); }; filter f_filter1 { facility(kern); }; filter f_filter2 { level(info) and not facility(mail,authpriv,kern); }; filter f_filter3 { facility(authpriv); }; filter f_filter4 { facility(mail); }; filter f_filter5 { level(emerg); }; filter f_filter6 { facility(uucp); }; filter f_pptpd { match("pptpd"); }; filter f_daemon { facility(daemon); }; filter f_boot { facility(local7); }; filter f_firewall { level(debug); }; log { source(s_sys); filter(f_filter1); destination(d_cons); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_auth); }; log { source(s_sys); filter(f_filter4); destination(d_mail); }; log { source(s_sys); filter(f_filter5); destination(d_mlal); }; log { source(s_sys); filter(f_filter6); destination(d_spol); }; log { source(s_sys); filter(f_pptpd); destination(d_pptp); }; log { source(s_sys); filter(f_daemon); destination(d_daemon); }; log { source(s_sys); filter(f_boot); destination(d_boot); }; log { source(s_tcp); filter(f_firewall); destination(d_firewall); }; Thank you for your help. sim "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD" wrote:
1. No syslog-ng runs as its own daemon. Works much better this way. 2. If the answer to 1 was yes it would make a difference. But since it isn't then no. 3. Could you post a sample of your config file? That might be helpful. Also could you post part of your strace results? That would at least give us info on where to look for your problem.
Random thoughts...do you have some sort of port monitor that could be blocking your default ports? I have seen that before.
Regards. Drew
execve("/usr/local/sbin/syslog-ng", ["/usr/local/sbin/syslog-ng"], [/* 23 vars */]) = 0 uname({sys="Linux", node="home.electroniceasel.com", ...}) = 0 brk(0) = 0x8059f84 open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 4 fstat64(4, 0xbfffec8c) = -1 ENOSYS (Function not implemented) fstat(4, {st_mode=S_IFREG|0644, st_size=17563, ...}) = 0 old_mmap(NULL, 17563, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40018000 close(4) = 0 open("/lib/libnsl.so.1", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360>\0"..., 1024) = 1024 fstat(4, {st_mode=S_IFREG|0755, st_size=409599, ...}) = 0 old_mmap(NULL, 89888, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4001d000 mprotect(0x40030000, 12064, PROT_NONE) = 0 old_mmap(0x40030000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x12000) = 0x40030000 old_mmap(0x40031000, 7968, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40031000 close(4) = 0 open("/lib/libc.so.6", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\300\1"..., 1024) = 1024 fstat(4, {st_mode=S_IFREG|0755, st_size=5155229, ...}) = 0 old_mmap(NULL, 1214792, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40033000 mprotect(0x40153000, 35144, PROT_NONE) = 0 old_mmap(0x40153000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x11f000) = 0x40153000 old_mmap(0x40158000, 14664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40158000 close(4) = 0 open("/lib/libc.so.6", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\300\1"..., 1024) = 1024 fstat(4, {st_mode=S_IFREG|0755, st_size=5155229, ...}) = 0 close(4) = 0 munmap(0x40018000, 17563) = 0 getpid() = 25135 brk(0) = 0x8059f84 brk(0x8059fd4) = 0x8059fd4 brk(0x805a000) = 0x805a000 brk(0x805b000) = 0x805b000 open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 4 brk(0x8060000) = 0x8060000 ioctl(4, TCGETS, 0xbffff8c0) = -1 ENOTTY (Inappropriate ioctl for device) fstat64(4, 0xbffff330) = -1 ENOSYS (Function not implemented) fstat(4, {st_mode=S_IFREG|0777, st_size=2016, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000 read(4, "# syslog-ng configuration file.\n"..., 8192) = 2016 read(4, "", 4096) = 0 read(4, "", 8192) = 0 ioctl(4, TCGETS, 0xbffff390) = -1 ENOTTY (Inappropriate ioctl for device) close(4) = 0 munmap(0x40018000, 4096) = 0 fork() = 25136 rt_sigaction(SIGTERM, {0x8049a94, [TERM], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 pause() = ? ERESTARTNOHAND (To be restarted) --- SIGTERM (Terminated) --- --- SIGCHLD (Child exited) --- rt_sigaction(SIGTERM, {0x8049a94, [TERM], SA_RESTART|0x4000000}, {0x8049a94, [TERM], SA_RESTART|0x4000000}, 8) = 0 sigreturn() = ? (mask now []) _exit(0) = ? open("/var/run/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600) = 4 getpid() = 25136 write(4, "25136\n", 6) = 6 close(4) = 0 socket(PF_UNIX, SOCK_STREAM, 0) = 4 fcntl64(4, F_GETFL) = -1 ENOSYS (Function not implemented) fcntl(4, F_GETFL) = 0x2 (flags O_RDWR) fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 stat("/dev/log", {st_mode=S_IFSOCK|0666, st_size=0, ...}) = 0 unlink("/dev/log") = 0 bind(4, {sin_family=AF_UNIX, path=" /dev/log"}, 110) = 0 chown32("/dev/log", 0, 0) = -1 ENOSYS (Function not implemented) chown("/dev/log", 0, 0) = 0 chmod("/dev/log", 0666) = 0 listen(4, 256) = 0 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 5 fcntl(5, F_GETFL) = 0x2 (flags O_RDWR) fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 brk(0x8061000) = 0x8061000 gettimeofday({982687040, 137493}, NULL) = 0 getpid() = 25136 open("/etc/resolv.conf", O_RDONLY) = 6 fstat(6, {st_mode=S_IFREG|0644, st_size=78, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000 read(6, "domain electroniceasel.com\nsearc"..., 4096) = 78 read(6, "", 4096) = 0 close(6) = 0 munmap(0x40018000, 4096) = 0 close(5) = 0 write(2, "Error creating AF_INET socket (S"..., 40) = 40 write(2, "Error initializing configuration"..., 43) = 43 getppid() = 25135 kill(25135, SIGTERM) = 0 _exit(2) = ?