RE: Syslog-ng not logging anything from Solaris host
I guess I wasn't patient enough to try on one of our production boxes that does generate messages. I see the messages coming in now. But thanks for all the help.

Maunir Shah

________________________________
From: Shah, Maunir
Sent: Friday, June 16, 2006 2:47 PM
To: Shah, Maunir; 'syslog-ng@lists.balabit.hu'
Subject: RE: Syslog-ng not logging anything from Solaris host

telnet uses tcp, whereas syslogd uses udp by default, so the traffic might still be blocked by a firewall.

Regarding your response for telnet, we had tcp and udp protocol enabled for syslog-ng when we tested to make sure firewall is not blocking it. But, since default Solaris syslog uses udp I took out tcp to test and no logging whatsoever. When I run a snoop on syslog-ng server I don't even see any kind of packets coming in when I run logger -p on the test host. Does anyone know if my syslog.conf file on the test box is right or wrong? Maybe that's what is causing it to not send anything.

Thanks
Maunir Shah

________________________________
From: Shah, Maunir
Sent: Friday, June 16, 2006 11:37 AM
To: 'syslog-ng@lists.balabit.hu'
Subject: Syslog-ng not logging anything from Solaris host

I'm running syslog-ng 1.6.11 on Solaris 10 zone, and so far I'm able to see logs being created locally but I'm not seeing any kind of logging from other Solaris host. For my syslog-ng server I made sure that I'm using udp and for source it's door. I've two test servers running Solaris 8 and 10 that I'm testing from and have changed syslog.conf to reflect the changes and point all my logs to go to syslog-ng. It's not the firewall that is blocking it as we are able to telnet to port 514 and whatever you type in the cmd prompt it records it on the syslog-ng server. I know I'm missing something in the config file but not sure what I'm doing wrong.

My syslog-ng.conf file

    source s_dgram { sun-streams ("/dev/log" door("/etc/.syslog_door")); };
    source s_internal { internal(); };
    #source s_kernel
    #       { pipe("/proc/kmsg" log_prefix("kernel: ")); };
    #source s_tcp
    #       { tcp(ip(10.1.100.84)port(514) keep-alive(yes) max_connections(100)); };
    source s_udp { udp(); };

Solaris 8 box syslog.conf file

    #ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
    #
    # Copyright (c) 1991-1998 by Sun Microsystems, Inc.
    # All rights reserved.
    #
    # syslog configuration file.
    #
    # This file is processed by m4 so be careful to quote (`') names
    # that match m4 reserved words. Also, within ifdef's, arguments
    # containing commas must be quoted.
    #
    *.* @loghost

Maunir Shah
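The point raised in the follow-up (a telnet session to port 514 exercises TCP, while stock syslogd forwards over UDP) shown as an added example, not code from this thread. The function names and the probe message are constructed for illustration; the loopback self-test runs without any remote host.

```python
import socket

FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITY = {"err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}

def build_syslog(facility, severity, tag, text):
    """BSD-syslog datagram '<PRI>tag: text', where PRI = facility*8 + severity."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    return f"<{pri}>{tag}: {text}".encode("ascii")

def parse_pri(datagram):
    """Return (facility, severity) numbers decoded from a received datagram."""
    if not datagram.startswith(b"<") or b">" not in datagram[:6]:
        raise ValueError("no PRI header")
    return divmod(int(datagram[1:datagram.index(b">")]), 8)

def probe(host, port=514, timeout=2.0):
    """Test the TCP path (what telnet proves) and send one UDP syslog datagram."""
    result = {"tcp_connect": False, "udp_sent": False}
    try:
        with socket.create_connection((host, port), timeout=timeout):
            result["tcp_connect"] = True
    except OSError:
        pass  # TCP refused or filtered says nothing about the UDP path
    msg = build_syslog("user", "notice", "udp-probe", "constructed test message")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        try:
            tx.sendto(msg, (host, port))
            # True only means the kernel accepted the datagram, not delivery.
            result["udp_sent"] = True
        except OSError:
            pass
    return result

def loopback_selftest():
    """Bind a UDP-only listener on 127.0.0.1 and receive our own probe."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port, no TCP listener
        rx.settimeout(2.0)
        result = probe("127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(1024)
    return result, data

if __name__ == "__main__":
    res, data = loopback_selftest()
    print(res, data, parse_pri(data))
```

Because UDP gives the sender no acknowledgement, arrival has to be confirmed on the receiving side, for example with the snoop capture on the syslog-ng server mentioned above.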