tcp/udp driver not binding correctly
Hi List, I've searched the mailing lists for over a year back and couldn't find an answer to my question. I'm working with an older version of syslog-ng and most of the questions were about 3.x or newer, so here goes. I've setup a LVS cluster which is working perfectly. The problem I am having is when I have a logical interface ip (or no ip at all, interface is eth0:1) when using the tcp/udp driver, it does not seem to bind correctly and accept messages on the port specified. When using udp, I try a port scan with nmap and it shows the port on the logical interface a "closed". When I try tcp, it shows "filtered". The primary ip on interface eth0 accepts logs with no issues. Can syslog-ng bind to logical interfaces as described above and receive logs on multiple addresses?? A netstat -a shows *:syslog or when I outright specify the logical ip, it shows the logical ip, but as stated above ... it's either closed or filtered. I've searched all over, but it seems my google foo is not matching anything. Specifics .. RHEL v5.8 Syslog-ng v2.1.4 Regards, max
"N. Max Pierson" <nmaxpierson@gmail.com> writes:
I've setup a LVS cluster which is working perfectly. The problem I am having is when I have a logical interface ip (or no ip at all, interface is eth0:1) when using the tcp/udp driver, it does not seem to bind correctly and accept messages on the port specified. When using udp, I try a port scan with nmap and it shows the port on the logical interface a "closed". When I try tcp, it shows "filtered". The primary ip on interface eth0 accepts logs with no issues. Can syslog-ng bind to logical interfaces as described above and receive logs on multiple addresses??
While I haven't seen 2.1.x in ages, I believe it should be able to do that, indeed. You can check which addresses it listens on by running lsof -p $PID (replace $PID with the actual pid of the syslog-ng process).
A netstat -a shows *:syslog or when I outright specify the logical ip, it shows the logical ip, but as stated above ... it's either closed or filtered. I've searched all over, but it seems my google foo is not matching anything.
Might it not be a firewall in front of your system, somewhere? If lsof, or netstat shows syslog-ng is bound to the right IP and port, then all should be well. -- |8]
lsof output ... (currently configured for TCP 514) syslog-ng 26027 root 3u IPv4 88122 TCP *:shell (LISTEN) And I have IPTables configured to allow it ... but just to make sure I stopped the service and still the same thing. I tried this on a newer version of syslog-ng and it seems to work just fine (v3.2.5). I'll see if I can compile and do an rpmbuild on a newer version and see if that fixes it. If it doesn't, there must be somethign going on with the LVS setup .. however other services are working fine on that IP ... SSH, NTP. Thanks Gergely On Mon, Jun 4, 2012 at 8:48 AM, Gergely Nagy <algernon@balabit.hu> wrote:
"N. Max Pierson" <nmaxpierson@gmail.com> writes:
I've setup a LVS cluster which is working perfectly. The problem I am having is when I have a logical interface ip (or no ip at all, interface is eth0:1) when using the tcp/udp driver, it does not seem to bind correctly and accept messages on the port specified. When using udp, I try a port scan with nmap and it shows the port on the logical interface a "closed". When I try tcp, it shows "filtered". The primary ip on interface eth0 accepts logs with no issues. Can syslog-ng bind to logical interfaces as described above and receive logs on multiple addresses??
While I haven't seen 2.1.x in ages, I believe it should be able to do that, indeed.
You can check which addresses it listens on by running lsof -p $PID (replace $PID with the actual pid of the syslog-ng process).
A netstat -a shows *:syslog or when I outright specify the logical ip, it shows the logical ip, but as stated above ... it's either closed or filtered. I've searched all over, but it seems my google foo is not matching anything.
Might it not be a firewall in front of your system, somewhere? If lsof, or netstat shows syslog-ng is bound to the right IP and port, then all should be well.
-- |8]
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
Gergely Nagy
-
N. Max Pierson