Hi, I would like to use SYSLOG-NG to relay syslog messages received to multiple destinations. Through TCPDUMP I can tell I receive the messages but they aren't being sent to the destinations. Any help will be greatly appreciated of course...

#sample syslog-ng.conf for a remote client
source src {
    udp (ip(0.0.0.0) port (514));
    tcp (ip(0.0.0.0) port (514));
};
destination loghos {
    udp ("172.22.134.58" port(514));
#   udp ("172.22.134.55" port(514));
};
log { source (src); destination (loghos); };

________________________________________________________
DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

Hello,

> Hi, I would like to use SYSLOG-NG to relay syslog messages received to multiple destinations. Through TCPDUMP I can tell I receive the messages but they aren't being sent to the destinations. Any help will be greatly appreciated of course...

First check using netstat or lsof whether syslog-ng was able to bind to port 514 or not, and if yes then I propose using truss/strace to check whether syslog-ng receives the packets.

Regards,
Sandor

--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.

The syslog-ng server receives the messages. The issue is the forwarding of the messages to a destination that is not working.

#sample syslog-ng.conf for a remote client
source src {
    udp (ip(0.0.0.0) port (514));
    tcp (ip(0.0.0.0) port (514));
};
destination loghos {
    udp ("172.22.134.58" port(514));
    udp ("172.22.134.55" port(514));
};
log { source (src); destination (loghos); };

"Geller, Sandor (IT)" <Sandor.Geller@morganstanley.com>
Sent by: syslog-ng-bounces@lists.balabit.hu
07/05/2007 11:02 AM
Please respond to: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu>
cc:
Subject: RE: [syslog-ng] SYSLOG RELAY CONF FILE

> Hello,
>
>> Hi, I would like to use SYSLOG-NG to relay syslog messages received to multiple destinations. Through TCPDUMP I can tell I receive the messages but they aren't being sent to the destinations. Any help will be greatly appreciated of course...
>
> First check using netstat or lsof whether syslog-ng was able to bind to port 514 or not, and if yes then I propose using truss/strace to check whether syslog-ng receives the packets.
>
> Regards,
> Sandor
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

TCP dump only tells you that the message arrived at your device but it doesn't tell you if syslog-ng actually received the message. In addition to netstat you could also set up a temporary file destination to confirm that syslog-ng is getting the messages.

Anthony

>>> Ronald Jones <RonaldJones@dtcc.com> 07/06/07 7:25 AM >>>
> The syslog-ng server receives the messages. The issue is the forwarding of the messages to a destination that is not working.
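
Anthony's suggestion written out as a syslog-ng configuration, as an added example that is not part of the original thread: the same source feeds a temporary file and the relay destination, so an empty file means syslog-ng is not reading the messages, while a filling file points at the forwarding side. The destination name d_relay_check and the path /var/log/relay-check.log are assumptions.

```conf
# Added example, not from the thread.
# d_relay_check and /var/log/relay-check.log are assumed names.

source src {
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};

# Relay destination as posted in the thread: two UDP targets.
destination loghos {
    udp("172.22.134.58" port(514));
    udp("172.22.134.55" port(514));
};

# Temporary local copy of everything the source reads.
# perm(0600) keeps logs relayed from other hosts readable by the owner only.
destination d_relay_check {
    file("/var/log/relay-check.log" perm(0600));
};

# One log path, same source, both destinations.
log {
    source(src);
    destination(d_relay_check);
    destination(loghos);
};
```

Remove d_relay_check from the log path once the relay is confirmed, since nothing rotates this file.
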
participants (3)
- anthony lineham
- Geller, Sandor (IT)
- Ronald Jones