The loghost is resolving correctly. I get the following in tcpdump which tells me that the packets are being set to the syslog-ng loghost. root@advil:/tmp# tcpdump dst host plague.anc.net tcpdump: listening on eth0 10:44:39.856806 advil.anc.net.syslog > plague.anc.net.syslog: udp 47 (DF) 10:44:39.856851 advil.anc.net.syslog > plague.anc.net.syslog: udp 37 (DF) 10:45:03.885048 advil.anc.net.syslog > plague.anc.net.syslog: udp 47 (DF) 10:45:03.885090 advil.anc.net.syslog > plague.anc.net.syslog: udp 37 (DF) 10:45:05.334610 advil.anc.net.syslog > plague.anc.net.syslog: udp 47 (DF) 10:45:05.334650 advil.anc.net.syslog > plague.anc.net.syslog: udp 37 (DF) 10:45:06.516617 advil.anc.net.syslog > plague.anc.net.syslog: udp 47 (DF) 10:45:06.516815 advil.anc.net.syslog > plague.anc.net.syslog: udp 37 (DF) 8 packets received by filter 0 packets dropped by kernel There is a firewall between the 2 machines but it isn't blocking this port. I know that because there are other machines are the same subnet that are able to get to the loghost and nothing is showing up in my firewall logs. Any more suggestions? Paul At 11:25 PM 2/3/2003, you wrote:
Message: 7 To: syslog-ng@lists.balabit.hu Cc: Leonard_Mills@corpnet.sel.sony.com Subject: Re: [syslog-ng]Some Boxes Refuse to Write to syslog-ng host <5.2.0.9.0.20030203161839.022feaf0@127.0.0.1> Date: Mon, 03 Feb 2003 22:25:54 +0000 From: Leonard Mills <Leonard_Mills@corpnet.sel.sony.com> Reply-To: syslog-ng@lists.balabit.hu
You might get a good idea by using
dig @localhost loghost.domain.com
If that gives you what you need, then try using tcpdump from one of the failing hosts after a kill -HUP on syslogd.
Hope this helps,
Len