Hi,

2009/3/18 gatfi sami <pfegatfi.sami@gmail.com>:
> now when i use the TCP CONNECTION I CAN RECEIVE NOTHING
> ******************syslog server****************
> syslog 2.0.9
> source my_tcp {
>     tcp(ip(0.0.0.0) port (415)); // they said 0.0.0.0 means receive from any ip address i also tried tcp ( port(514)); same thing
> };

To correct your comment: listening on 0.0.0.0 (INADDR_ANY) means that syslog-ng will listen ON every IP address the host has. You have to ensure that the receiver and the sender are using the same port and protocol. You can verify with netstat or lsof which port(s) syslog-ng is listening on. Then the next debugging step would be capturing network traffic to see whether the logs actually leave the sending side, and running another capture on the receiver side to see that logs reach that host. When the network seems to be OK, then trace the receiver syslog-ng process to see what's going on.

> destination my_dest{
>     file("/var/log/Sami/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
> };
> log {
>     source(my_tcp);
>     #filter(my_filter);
>     destination(my_dest);
> };
> ************************************************************
> ******************syslog client***************
> syslog 2.0.10
> source my_src {
>     file("/var/log/apache2/error_log" follow_freq(1) );
> };
> #filter my_filter { };
> destination my_dest{
>     tcp("192.168.1.64) port(514);
> };
> log {
>     source(my_src);
>     #filter(my_filter);
>     destination(my_dest);
> };
> **********************************************************************************

Are you sure apache still writes to that file? Is the inode apache writes its logs to the same inode that syslog-ng is reading?

hth,
Sandor
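
The inode question at the end of the reply can be checked directly. The script below is an added example, not part of the original thread: it reports whether a given process still holds open the file that a path currently names, which stops being true after a rename-style log rotation. It assumes Linux (/proc/PID/fd) and GNU stat, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does process PID still hold open the file that PATH names now?
# After a rename-style rotation a writer or reader can keep an fd on the old
# inode while the path points at a new, different file.
# Assumes Linux /proc and GNU stat; run as root to inspect other users' processes.

# Print "device:inode" for a path, following symlinks (also works on /proc fds).
inode_of() {
    stat -L -c '%d:%i' "$1" 2>/dev/null
}

# Return 0 if any fd of PID refers to the same device:inode as PATH,
# 1 if none does, 2 if PATH or the process cannot be inspected.
holds_current_inode() {
    pid=$1
    path=$2
    want=$(inode_of "$path") || return 2
    [ -n "$want" ] || return 2
    [ -d "/proc/$pid/fd" ] || return 2
    for fd in /proc/"$pid"/fd/*; do
        have=$(inode_of "$fd") || continue
        [ "$have" = "$want" ] && return 0
    done
    return 1
}

# Usage: sh check_inode.sh /var/log/apache2/error_log <apache pid> <syslog-ng pid>
if [ "$#" -ge 2 ]; then
    log=$1; shift
    for p in "$@"; do
        if holds_current_inode "$p" "$log"; then
            echo "pid $p has $log (inode $(inode_of "$log")) open"
        else
            echo "pid $p does NOT have the current $log open"
        fi
    done
fi
```

If the writer and the reader disagree here, the reader is following a file that no longer receives new lines, and the forwarded log stream goes quiet without any error.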