Hi, we run a SLES10 SP2 server as a syslog-ng server for a couple of month without errors. Now I added a secondary nic in the server an binded a subnet to the nic. The first switch from this subnet logs to syslog-ng fine, but every switch else in this subnet don't create a log-directory on the server. I've run ethereal an see that all switches send their packets to port 514 on the server, but syslog-ng do nothing with this packets. What can be wrong? Regards, Boert -- GMX startet ShortView.de. Hier findest Du Leute mit Deinen Interessen! Jetzt dabei sein: http://www.shortview.de/wasistshortview.php?mc=sv_ext_mf@gmx
On Thu, 2008-08-21 at 10:05 +0200, Hubert Kupper wrote:
Hi, we run a SLES10 SP2 server as a syslog-ng server for a couple of month without errors. Now I added a secondary nic in the server an binded a subnet to the nic. The first switch from this subnet logs to syslog-ng fine, but every switch else in this subnet don't create a log-directory on the server. I've run ethereal an see that all switches send their packets to port 514 on the server, but syslog-ng do nothing with this packets. What can be wrong?
Have you checked that: * syslog-ng is bound to the new interface (either because of a 0.0.0.0 bind, or because you have two udp() sources each bound to their respective interface) * packet filter does not filter out these messages You can check the first by issuing "netstat -np | grep 514" and check which interfaces syslog-ng has bound to. The second, well check that your packet filter is not in the way. -- Bazsi
-------- Original-Nachricht --------
Datum: Thu, 21 Aug 2008 14:30:48 +0200 Von: Balazs Scheidler <bazsi@balabit.hu> An: Syslog-ng users\' and developers\' mailing list <syslog-ng@lists.balabit.hu> Betreff: Re: [syslog-ng] syslog-ng 2 nics
Have you checked that: * syslog-ng is bound to the new interface (either because of a 0.0.0.0 bind, or because you have two udp() sources each bound to their respective interface) * packet filter does not filter out these messages
You can check the first by issuing "netstat -np | grep 514" and check which interfaces syslog-ng has bound to.
The second, well check that your packet filter is not in the way.
-- Bazsi
Hi, I checked the first issue with "netstat -np | grep 514" and it returned nothing! A grep syslog-ng returned "DGRAM 10006 3413/syslog-ng /dev/log" Syslog-ng is still logging entries for all host on the first nic and one host on the second nic! Boert -- Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten Browser-Versionen downloaden: http://www.gmx.net/de/go/browser
On Fri, 2008-08-22 at 06:50 +0200, Hubert Kupper wrote:
-------- Original-Nachricht --------
Datum: Thu, 21 Aug 2008 14:30:48 +0200 Von: Balazs Scheidler <bazsi@balabit.hu> An: Syslog-ng users\' and developers\' mailing list <syslog-ng@lists.balabit.hu> Betreff: Re: [syslog-ng] syslog-ng 2 nics
Have you checked that: * syslog-ng is bound to the new interface (either because of a 0.0.0.0 bind, or because you have two udp() sources each bound to their respective interface) * packet filter does not filter out these messages
You can check the first by issuing "netstat -np | grep 514" and check which interfaces syslog-ng has bound to.
The second, well check that your packet filter is not in the way.
-- Bazsi
Hi, I checked the first issue with "netstat -np | grep 514" and it returned nothing! A grep syslog-ng returned "DGRAM 10006 3413/syslog-ng /dev/log" Syslog-ng is still logging entries for all host on the first nic and one host on the second nic!
Hmm.. were you running netstat as root? It might not show everything if you run it as a non-root user. If there's no listening socket, I can't see how it would possibly log anything on either nics. -- Bazsi
Hi, after I removed the second nic and added it again to the syslog-ng server everything works fine now. I don't know why, but it do. Thanks and regards Boert -------- Original-Nachricht --------
Datum: Mon, 25 Aug 2008 09:03:33 +0200 Von: Balazs Scheidler <bazsi@balabit.hu> An: Syslog-ng users\' and developers\' mailing list <syslog-ng@lists.balabit.hu> Betreff: Re: [syslog-ng] syslog-ng 2 nics
On Fri, 2008-08-22 at 06:50 +0200, Hubert Kupper wrote:
-------- Original-Nachricht --------
Datum: Thu, 21 Aug 2008 14:30:48 +0200 Von: Balazs Scheidler <bazsi@balabit.hu> An: Syslog-ng users\' and developers\' mailing list <syslog-ng@lists.balabit.hu> Betreff: Re: [syslog-ng] syslog-ng 2 nics
Have you checked that: * syslog-ng is bound to the new interface (either because of a
0.0.0.0
bind, or because you have two udp() sources each bound to their respective interface) * packet filter does not filter out these messages
You can check the first by issuing "netstat -np | grep 514" and check which interfaces syslog-ng has bound to.
The second, well check that your packet filter is not in the way.
-- Bazsi
Hi, I checked the first issue with "netstat -np | grep 514" and it returned nothing! A grep syslog-ng returned "DGRAM 10006 3413/syslog-ng /dev/log" Syslog-ng is still logging entries for all host on the first nic and one host on the second nic!
Hmm.. were you running netstat as root? It might not show everything if you run it as a non-root user.
If there's no listening socket, I can't see how it would possibly log anything on either nics.
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- Psssst! Schon das coole Video vom GMX MultiMessenger gesehen? Der Eine für Alle: http://www.gmx.net/de/go/messenger03
participants (2)
-
Balazs Scheidler
-
Hubert Kupper