Ip filtering is no issue as its not running on these 2 nodes. UDP is working but tcp is not. Keep in mind that this is brand new to me... This is Solaris 10 to Solaris 10. Here is my short and simple config: options { use_fqdn(no); use_dns(no); log_fifo_size(4096); log_msg_size(8192); sync(0); time_reopen(10); stats(3600); }; source logs { internal(); sun-streams("/dev/log"); udp(); tcp(max_connections(100) keep-alive(yes)); }; # Log files to log to send remotely... source auth { file("/var/log/auth"); }; source cron { file("/var/log/cron"); }; source mail { file("/var/log/mail"); }; # My loghost and it's destination... destination loghost { tcp("10.104.100.223" port (514)); }; # What we are sending off... log { source(logs); destination(loghost); }; log { source(auth); destination(loghost); }; log { source(cron); destination(loghost); }; log { source(mail); destination(loghost); }; Any hints is appreciated. Scott -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Valdis.Kletnieks@vt.edu Sent: Friday, January 04, 2008 11:37 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] UDP Works, TCP Does Not On Fri, 04 Jan 2008 15:26:59 MST, "Baxter, Scott" said:

All, I am new to syslog-ng and want to use it for tcp remote logging, (without ssh at this time). I am testing from a Solaris 10 box, sending logging files to another Solaris 10 box. It sends them via udp just fine. But when I change that to TCP, no logging. Not finding much on the internet around this subject. If anybody has any info regarding this, please send my way.

First guess? You need to look around in /etc/ipf and make sure that ipfilters has been told to allow TCP connections in/out on the port you're using for that (note that although by default syslog is 514/UDP, you may need/want to pick an alternate port because historically 514/TCP was 'rshell').