Sim,

I have just a couple of other questions. What is the address of your loghost and the address of the clients? I'm looking at your two configs and I want to make sure that the destination for the problem machine is ok. Do you have a 192.168.1.19 host on your network, and is it listening for tcp connections on port 514?

In the loghost config you reference a source of 192.168.1.1, which tells me that your loghost is 192.168.1.1. If you are trying to establish a connection to a host using tcp/ip you also need to make sure that the host is listening for tcp/ip connections. The loghost config is listening for tcp/ip on 192.168.1.1 port 10001 and you are trying to make a tcp connection with 192.168.1.19 on port 514. Is this what you are intending? If so, this won't work. Change your destination in your client to read

destination d_bg { tcp("192.168.1.1:10001"); };

That should at least let you log to that loghost.

Regards,
Drew
-----Original Message-----
From: Simeon Johnston [SMTP:simeonuj@eetc.com]
Sent: Wednesday, February 21, 2001 5:39 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Trying to send log over network
Here are the configs.
I have added as an attachment the strace output files using "strace -f -ff -o localfile syslog-ng".
This is the config for the problem computers.
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (on);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};

source s_sys { unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/var/log/ng/kern.log"); };
destination d_mesg { file("/var/log/ng/messages"); };
destination d_auth { file("/var/log/ng/secure"); };
destination d_mail { file("/var/log/ng/maillog"); };
destination d_spol { file("/var/log/ng/spooler"); };
destination d_boot { file("/var/log/ng/boot.log"); };
destination d_mlal { file("/var/log/ng/emerg.log"); };
destination d_bg { tcp("192.168.1.19:514"); };
destination d_sshd { file("/var/log/ng/sshd.log"); };

filter f_filter1 { facility(kern); };
filter f_filter2 { level(info); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); };
filter f_tcplog { level(debug); };
filter f_sshd { match("sshd"); };

log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_tcplog); destination(d_bg); };
log { source(s_sys); filter(f_sshd); destination(d_sshd); };
This is the logserver config
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (on);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};

source s_sys { unix-stream ("/dev/log"); internal(); };
source s_tcp { tcp (ip(192.168.1.1) port(10001)); };

destination d_cons { file("/var/log/ng/kernel"); };
destination d_mesg { file("/var/log/ng/messages"); };
destination d_auth { file("/var/log/ng/secure"); };
destination d_mail { file("/var/log/ng/maillog"); };
destination d_spol { file("/var/log/ng/spooler"); };
destination d_boot { file("/var/log/ng/boot.log"); };
destination d_mlal { file("/var/log/ng/emerg.log"); };
destination d_pptp { file("/var/log/ng/pptpd.log"); };
destination d_daemon { file("/var/log/ng/daemon.log"); };
destination d_firewall { file("/var/log/ng/firewall.log"); };

filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and not facility(mail,authpriv,kern); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp); };
filter f_pptpd { match("pptpd"); };
filter f_daemon { facility(daemon); };
filter f_boot { facility(local7); };
filter f_firewall { level(debug); };

log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_pptpd); destination(d_pptp); };
log { source(s_sys); filter(f_daemon); destination(d_daemon); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_tcp); filter(f_firewall); destination(d_firewall); };
Thank you for your help.
sim
"Hamilton, Andrew Mr RAYTHEON 5 SIG CMD" wrote:
1. No, syslog-ng runs as its own daemon. Works much better this way.
2. If the answer to 1 was yes it would make a difference. But since it isn't, then no.
3. Could you post a sample of your config file? That might be helpful. Also could you post part of your strace results? That would at least give us info on where to look for your problem.
Random thoughts...do you have some sort of port monitor that could be blocking your default ports? I have seen that before.
Regards.
Drew

<< File: strace.syslog-ng >>
<< File: strace.syslog-ng.25136 >>
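
The mismatch diagnosed in this thread (client destination 192.168.1.19:514, loghost listening on 192.168.1.1:10001) can be caught mechanically before logs are silently lost. The following is an added example, not part of the original messages or of syslog-ng: a small checker over constructed excerpts of the two configs. The function names and the fallback to port 514 when no port is given are assumptions.

```python
import re

# Constructed excerpts of the two configs quoted in the thread.
CLIENT_CONF = '''
destination d_mesg { file("/var/log/ng/messages"); };
destination d_bg { tcp("192.168.1.19:514"); };
'''
LOGHOST_CONF = '''
source s_sys { unix-stream ("/dev/log"); internal(); };
source s_tcp { tcp (ip(192.168.1.1) port(10001)); };
'''
DEFAULT_PORT = 514  # assumption: used when a statement names no port

# Accepts the "host:port" string used in the thread and the port() option form.
DEST_RE = re.compile(
    r'destination\s+(\w+)\s*\{\s*tcp\s*\(\s*"([^":]+)(?::(\d+))?"'
    r'\s*(?:port\s*\(\s*(\d+)\s*\))?')

def tcp_destinations(conf):
    """Return {destination name: (host, port)} for each tcp() destination."""
    return {name: (host, int(p1 or p2 or DEFAULT_PORT))
            for name, host, p1, p2 in DEST_RE.findall(conf)}

def tcp_listeners(conf):
    """Return {(ip, port)} for each tcp() source; ip is 0.0.0.0 if unset."""
    found = set()
    for stmt in re.findall(r'source\s+\w+\s*\{(.*?)\}\s*;', conf, re.S):
        for body in re.findall(r'tcp\s*\(((?:[^()]|\([^()]*\))*)\)', stmt):
            ip = re.search(r'ip\s*\(\s*"?([\d.]+)"?\s*\)', body)
            port = re.search(r'port\s*\(\s*(\d+)\s*\)', body)
            found.add((ip.group(1) if ip else "0.0.0.0",
                       int(port.group(1)) if port else DEFAULT_PORT))
    return found

def unmatched(client_conf, loghost_conf):
    """Return the client tcp() destinations that no loghost source accepts."""
    listeners = tcp_listeners(loghost_conf)
    return {name: (host, port)
            for name, (host, port) in tcp_destinations(client_conf).items()
            if not any(port == lp and lip in (host, "0.0.0.0")
                       for lip, lp in listeners)}

if __name__ == "__main__":
    for name, (host, port) in unmatched(CLIENT_CONF, LOGHOST_CONF).items():
        print(f"{name}: nothing in the loghost config listens on {host}:{port}")
```

A clean result only means the two configs agree with each other; whether the port is reachable (the port-monitor question raised earlier in the thread) still has to be checked on the network.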