I got it going again and now see that the firewall is connected to syslog-ng. Thing is, where are the logs going? Nothing seems to be showing up in /var/log which seems to be the default location for logs.

Mike

On Thu, 03 Jul 2008 09:19:31 +1000, Philip Webster wrote:
> lists@grounded.net wrote on 03/07/2008 08:44:
> > What does the default syslog-ng installation use, tcp or udp? The
>
> I'm not sure about a default, however in our configuration we have:
>
> source src_udp { udp(ip(x.x.x.x) port(514)); };
>
> source src_tcp { tcp(ip(x.x.x.x) port(514) max-connections(250)
> tcp-keep-alive(yes));
> };
>
> So in this case our server listens on port 514/udp and on 54/tcp, on the
> specified IP address (x.x.x.x). I don't look after the firewalls,
> however I'm fairly certain that they use UDP by default. That's
> certainly how we're receiving the logs.
>
> > netscreen can't seem to reach the syslog-ng server but it can reach
> > my other linux syslog servers.
>
> Is there a blockage in the network somewhere? Our NetScreens log via
> their management interface, so the log server has a presence on both the
> management and production networks. (So we actually have two sets of
> the 'source ...' lines above in the config - one for an IP on the
> production network and one for an IP on the management network.)
>
> Phil
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
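
One way to check which transport actually reaches a collector configured with udp() and tcp() sources like the ones quoted above, as an added example that is not part of the original messages. The function names, the `fw-probe` host name and the sample message are hypothetical, and the timestamp is a constructed value.

```python
import socket


def build_rfc3164(facility, severity, timestamp, host, tag, msg):
    """Build a BSD-syslog frame: <PRI>TIMESTAMP HOST TAG: MSG."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity  # PRI encodes both values in one number
    return f"<{pri}>{timestamp} {host} {tag}: {msg}".encode("ascii", "replace")


def send_probe(frame, host, port, proto):
    """Send one frame to the collector over the chosen transport."""
    if proto == "udp":
        # UDP gives no delivery feedback: success here proves nothing by itself.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(frame, (host, port))
    elif proto == "tcp":
        # A refused or timed-out connect raises OSError, which points at a
        # missing tcp() source or a filter between sender and collector.
        with socket.create_connection((host, port), timeout=3) as s:
            s.sendall(frame + b"\n")  # newline ends the message on a stream
    else:
        raise ValueError("proto must be 'udp' or 'tcp'")


# Constructed sample: facility local4 (20), severity warning (4).
SAMPLE = build_rfc3164(20, 4, "Jul  3 09:19:31", "fw-probe", "probe",
                       "transport test")


def loopback_selftest(proto):
    """Bind a throwaway listener on 127.0.0.1 and return what the probe delivered."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
        srv.settimeout(3)
        port = srv.getsockname()[1]
        if proto == "tcp":
            srv.listen(1)
        send_probe(SAMPLE, "127.0.0.1", port, proto)
        if proto == "udp":
            return srv.recvfrom(2048)[0]
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(3)
            return conn.recv(2048)


if __name__ == "__main__":
    for proto in ("udp", "tcp"):
        print(proto, loopback_selftest(proto))
```

Against a real collector, call `send_probe(SAMPLE, "<collector IP>", 514, "udp")` and then the same with `"tcp"` from a host on the same network as the firewall, and watch on the collector for the `probe` tag.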