Hi Bazsi, Im using a Red Hat Enterprise Linux AS 4.0 as Syslog-ng Server ( Centralized Log Server). I have got Syslog-ng 1.6 running on Solaris 8.0 and Syslog-ng 2.0rc1 running on Linux AS 4.0. All the logs from clients ( Both Linux & Solaris ) are transferred to Syslog-ng Server ( Centralized Log Server) on TCP Based communication(Destination). I restarted the Central Log Server after I noticed the error messages in Clients. After I restarted the server, server is able to accept the logs. Thanks a lot for your quick response. -Rajeesh -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Tuesday, October 31, 2006 4:29 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] help- Problem with TCP Based Centralized LogServer using Syslog-ng On Tue, 2006-10-31 at 14:52 +0530, Padmanabhan, Rajeesh (GE Healthcare) wrote:

Hi

Im trying to setup a centralized, TCP Based Log Server using Syslog-ng. Syslog-ng server stops accepting logs from clients intermediatley. It works again, once i restart the syslog-ng server. Im getting following error messages from clients. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Oct 18 10:29:28 System1 syslog-ng[11745]: Connection broken; time_reopen='60' Oct 18 15:06:26 RADIUM syslog-ng[4999]: io.c: do_write: write() failed

(errno 32), Broken pipe Oct 18 15:06:26 RADIUM syslog-ng[4999]: pkt_buffer::do_flush(): Error flushing data Oct 18 15:06:26 RADIUM syslog-ng[4999]: Connection broken to AF_INET(10.70.201.233:514), reopening in 10 seconds syslog-ng[13843]: Connection failed; error='Connection refused (111)', time_reopen='60 syslog-ng[302]: Error connecting to remote host AF_INET(10.70.201.233:514), reattempting in 10 seconds

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please help me...

I'm sorry but you need to give further details, like OS, architecture syslog-ng version that you used. When did you receive the messages above? after restarting syslog-ng or was this the reason why you restarted syslog-ng in the first place? Because restarting syslog-ng naturally breaks existing connections and there's a small race of opportunity while the port is closed and clients try to connect to it, in this case you get connection refused. So all in all we'd need more information in order to help you. -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html