More Solaris 10 Woes - tcp/udp issues
I can't get syslog-ng to listen on port 514 using the tcp or udp sources. First, I have defined entries in /etc/services as follows:

    syslog-ng-udp 514/udp syslog
    syslog-ng-tcp 514/tcp syslog

I have of course disabled the default system-log service.

The following two I can't get to work/listen: (Verifying this with netstat -a)

    source s_udp { udp(port(514)); };
    source s_tcp { tcp(port(514)); };

I can get it to listen with the following:

    source s_syslog { syslog( transport("udp") port(514) ); };

OR

    source s_syslog { syslog( transport("tcp") port(514) ); };

    # netstat -a
    UDP: IPv4
       Local Address        Remote Address      State
    -------------------- -------------------- ----------
    *.syslog-ng-udp                            Idle

However, syslog-ng doesn't seem to be doing anything with this. I can see the syslog message when snooping the interface on my syslog-ng server:

    root@log01:~# snoop -d nge0 udp port 514
    Using device nge0 (promiscuous mode)
    ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:22:08
    ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:11
    ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:17

Here is the catch all log statement I am using:

    destination r_messages { file ("/var/adm/messages_test"); };
    log { source (s_syslog); destination (r_messages); };

Anyone have any ideas?

Thx, CC
With the first one (the s_tcp/s_udp), try putting an explicit IP address, just for gits and shiggles.

As for the second one, that expects the incoming data to be in the new IETF syslog format, so if it's not, it puts the entire message into the message body with default headers (forget what the default is though). So you won't see these messages if that default facility/level doesn't go anywhere. You can either use the 'syslog-protocol' flag for the sending side on the tcp()/udp() destination, or use the syslog() destination driver.

Sent: Wednesday, July 21, 2010 2:48:02 PM
From: Chuck <chuck.carson@gmail.com>
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] More Solaris 10 Woes - tcp/udp issues
I can't get syslog-ng to listen on port 514 using the tcp or udp sources. First, I have defined entries in /etc/services as follows:

    syslog-ng-udp 514/udp syslog
    syslog-ng-tcp 514/tcp syslog
I have of course disabled the default system-log service.
The following two I can't get to work/listen: (Verifying this with netstat -a)

    source s_udp { udp(port(514)); };
    source s_tcp { tcp(port(514)); };

I can get it to listen with the following:

    source s_syslog { syslog( transport("udp") port(514) ); };

OR

    source s_syslog { syslog( transport("tcp") port(514) ); };

    # netstat -a
    UDP: IPv4
       Local Address        Remote Address      State
    -------------------- -------------------- ----------
    *.syslog-ng-udp                            Idle

However, syslog-ng doesn't seem to be doing anything with this. I can see the syslog message when snooping the interface on my syslog-ng server:

    root@log01:~# snoop -d nge0 udp port 514
    Using device nge0 (promiscuous mode)
    ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:22:08
    ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:11
    ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:17

Here is the catch all log statement I am using:

    destination r_messages { file ("/var/adm/messages_test"); };
    log { source (s_syslog); destination (r_messages); };
Anyone have any ideas?
Thx, CC
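
Added example, not part of the original thread and not syslog-ng code: a Python check that tells whether a captured syslog payload is legacy BSD (RFC 3164) or IETF (RFC 5424) framed, which is the distinction the reply draws for the syslog() source. The payloads are constructed; only the `<26>Jul 21 13:22:08` prefix is taken from the snoop output above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Facility and severity names in numeric order (RFC 3164 / RFC 5424 tables).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# RFC 5424 header starts <PRI>VERSION SP, where VERSION is a nonzero number.
IETF_RE = re.compile(rb"^<\d{1,3}>[1-9]\d? ")
# RFC 3164 header starts <PRI>Mmm dd hh:mm:ss (day is space-padded).
BSD_RE = re.compile(rb"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}")


def classify(payload: bytes) -> dict:
    """Return the framing of one syslog payload plus its decoded PRI."""
    m = PRI_RE.match(payload)
    if m is None or int(m.group(1)) > 191:  # 191 = local7.debug, highest valid PRI
        return {"format": "no-pri", "facility": None, "severity": None}
    pri = int(m.group(1))
    if IETF_RE.match(payload):
        fmt = "ietf-5424"
    elif BSD_RE.match(payload):
        fmt = "bsd-3164"
    else:
        fmt = "unknown"
    # PRI = facility * 8 + severity
    return {"format": fmt, "facility": FACILITIES[pri >> 3],
            "severity": SEVERITIES[pri & 7]}


def summarize(payloads) -> Counter:
    """Count framings across a capture to see what the senders really emit."""
    return Counter(classify(p)["format"] for p in payloads)


# Constructed sample payloads (hostnames and message text are made up).
SAMPLES = [
    b"<26>Jul 21 13:22:08 ds01 testd: constructed legacy message",
    b"<26>1 2010-07-21T13:22:08Z ds01 testd - - - constructed IETF message",
    b"<26>garbage with a PRI but no recognizable header",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify(p), p[:30])
    print(summarize(SAMPLES))
```

A capture that classifies as `bsd-3164` while the receiver uses a syslog() source is the mismatch the reply describes.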
participants (2)
- Chuck
- Patrick H.