I don't see a similar issue in the archives and I went back to August 2006...

I am trying to send a message following RFC3164 to a syslog-ng daemon reading from port 601 on a SLES-10 Linux machine. The format of the message is:

<64>Feb 7 16:42:03 c4dev-lathrs1 TAG: smlSocket Test TCP syslog buffer msg

The reason for me to send the message is to understand whether the message was delivered (not necessarily written to disk).

When I send the message to a UDP port (514) on the machine, I can see the message just fine.

When I send the exact same message to the TCP port, I see the receipt processing (via strace), but nothing shows up in the /var/log/messages file.

The version of syslog-ng is 1.6.8 according to what is in /var/log/messages

Any suggestions?

The /etc/services file references 601 as being syslog-conn for both tcp and udp

syslog-conn 601/tcp # Reliable Syslog Service
syslog-conn 601/udp # Reliable Syslog Service

The remote config file is:

#
# /etc/syslog-ng/syslog-ng.conf
#
# Automatically generated by SuSEconfig on Thu Feb 7 12:00:53 EST 2008.
#
# PLEASE DO NOT EDIT THIS FILE!
#
# you can modify /etc/syslog-ng/syslog-ng.conf.in instead
#
#
#
# File format description can be found in syslog-ng.conf(5)
# and /usr/share/doc/packages/syslog-ng/syslog-ng.txt.
#

#
# Global options.
#
options { long_hostnames(off); sync(0); perm(0640); stats(3600); };

#
# 'src' is our main source definition. you can add
# more sources driver definitions to it, or define
# your own sources, i.e.:
#
#source my_src { .... };
#
source src {
    #
    # include internal syslog-ng messages
    # note: the internal() soure is required!
    #
    internal();

    #
    # the following line will be replaced by the
    # socket list generated by SuSEconfig using
    # variables from /etc/sysconfig/syslog:
    #
    unix-dgram("/dev/log");

    #
    # uncomment to process log messages from network:
    #
    udp(ip("0.0.0.0") port(514));
    tcp( ip("0.0.0.0") port(601) keep-alive(yes) );
};

#
# Filter definitions
#
filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };
filter f_console { level(warn) and facility(kern) and not filter(f_iptables) or level(err) and not facility(authpriv); };
filter f_newsnotice { level(notice) and facility(news); };
filter f_newscrit { level(crit) and facility(news); };
filter f_newserr { level(err) and facility(news); };
filter f_news { facility(news); };
filter f_mailinfo { level(info) and facility(mail); };
filter f_mailwarn { level(warn) and facility(mail); };
filter f_mailerr { level(err, crit) and facility(mail); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_local { facility(local0, local1, local2, local3, local4, local5, local6, local7); };
filter f_acpid { match('^\[acpid\]:'); };
filter f_netmgm { match('^NetworkManager:'); };
filter f_messages { not facility(news, mail) and not filter(f_iptables); };
filter f_warn { level(warn, err, crit) and not filter(f_iptables); };
filter f_alert { level(alert); };
filter f_smlInfoNotice { level(info...notice); };
filter f_smlFacility { filter(f_local) and facility(user) and facility(auth) and facility(authpriv); };
filter f_smlCrit { level(crit); };

#
# Most warning and errors on tty10 and on the xconsole pipe:
#
destination console { file("/dev/tty10" group(tty) perm(0620)); };
log { source(src); filter(f_console); destination(console); };
destination xconsole { pipe("/dev/xconsole" group(tty) perm(0400)); };
log { source(src); filter(f_console); destination(xconsole); };

# Enable this, if you want that root is informed immediately,
# e.g. of logins:
#
#destination root { usertty("root"); };
#log { source(src); filter(f_alert); destination(root); };

#
# News-messages in separate files:
#
destination newscrit { file("/var/log/news/news.crit" owner(news) group(news)); };
log { source(src); filter(f_newscrit); destination(newscrit); };
destination newserr { file("/var/log/news/news.err" owner(news) group(news)); };
log { source(src); filter(f_newserr); destination(newserr); };
destination newsnotice { file("/var/log/news/news.notice" owner(news) group(news)); };
log { source(src); filter(f_newsnotice); destination(newsnotice); };

#
# and optionally also all in one file:
# (don't forget to provide logrotation config)
#
#destination news { file("/var/log/news.all"); };
#log { source(src); filter(f_news); destination(news); };

#
# Mail-messages in separate files:
#
destination mailinfo { file("/var/log/mail.info"); };
log { source(src); filter(f_mailinfo); destination(mailinfo); };
destination mailwarn { file("/var/log/mail.warn"); };
log { source(src); filter(f_mailwarn); destination(mailwarn); };
destination mailerr { file("/var/log/mail.err" fsync(yes)); };
log { source(src); filter(f_mailerr); destination(mailerr); };

#
# and also all in one file:
#
destination mail { file("/var/log/mail"); };
log { source(src); filter(f_mail); destination(mail); };

#
# acpid messages in one file:
#
destination acpid { file("/var/log/acpid"); };
log { source(src); filter(f_acpid); destination(acpid); flags(final); };

#
# NetworkManager messages in one file:
#
destination netmgm { file("/var/log/NetworkManager"); };
log { source(src); filter(f_netmgm); destination(netmgm); flags(final); };

#
# Cron-messages in one file:
# (don't forget to provide logrotation config)
#
#destination cron { file("/var/log/cron"); };
#log { source(src); filter(f_cron); destination(cron); };

#
# Some boot scripts use/require local[1-7]:
#
destination localmessages { file("/var/log/localmessages"); };
log { source(src); filter(f_local); destination(localmessages); };

#
# All messages except iptables and the facilities news and mail:
#
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); destination(messages); };

#
# Firewall (iptables) messages in one file:
#
destination firewall { file("/var/log/firewall"); };
log { source(src); filter(f_iptables); destination(firewall); };

#
# Warnings (except iptables) in one file:
#
destination warn { file("/var/log/warn" fsync(yes)); };
log { source(src); filter(f_warn); destination(warn); };

#
# Enable this, if you want to keep all messages in one file:
# (don't forget to provide logrotation config)
#
#destination allmessages { file("/var/log/allmessages"); };
#log { source(src); destination(allmessages); };

# sml TEST
# log { source(src); filter(f_smlCrit); destination(smlFileDest) destination(smlTcpDest); };
#log { source(src); filter(f_smlCrit); destination(smlTcpDest); };
#log { source(src); filter(f_smlInfoNotice); destination(smlFileDest); };
destination smlFileDest { file("/var/log/smlDestination" fsync(yes)); };
#log { source(src); filter(f_smlInfoNotice); destination(smlFileDest); };
#log { source(src); filter(f_smlFacility); destination(smlFileDest); };
log { source(src); destination(smlFileDest); };

__________________
Stephen M. Lathrop
mailto:lathrop_steve@emc.com
EMC Corporation
phone: (508) 305-8596
32 Coslin Drive
internal: 824-48596
Southboro, MA 01772
fax: (508) 305-8474
www.emc.com
Have-a-heck-of-a-day
4 under 4 apart

On Thu, 2008-02-07 at 16:47 -0500, Lathrop_Steve@emc.com wrote:
I don't see a similar issue in the archives and I went back to August 2006...
I am trying to send a message following RFC3164 to a syslog-ng daemon reading from port 601 on a SLES-10 Linux machine. The format of the message is:
<64>Feb 7 16:42:03 c4dev-lathrs1 TAG: smlSocket Test TCP syslog buffer msg
The reason for me to send the message is to understand whether the message was delivered (not necessarily written to disk).
When I send the message to a UDP port (514) on the machine, I can see the message just fine.
When I send the exact same message to the TCP port, I see the receipt processing (via strace), but nothing shows up in the /var/log/messages file.
The version of syslog-ng is 1.6.8 according to what is in /var/log/messages
Any suggestions?
The /etc/services file references 601 as being syslog-conn for both tcp and udp
syslog-conn 601/tcp # Reliable Syslog Service
syslog-conn 601/udp # Reliable Syslog Service
The remote config file is:
On the TCP transport you need to terminate the line via either NL or NUL character, otherwise syslog-ng will start waiting for the end-of-line.

--
Bazsi
participants (2): Balazs Scheidler, Lathrop_Steve@emc.com
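
Added example (not code from the thread): the NL/NUL framing rule from the reply, with a simplified model of a line-oriented stream receiver that shows why the unterminated message in the post is received but never logged. The host name in the `send_tcp` docstring is a placeholder, and `split_records` is an assumed model, not syslog-ng's implementation.

```python
import socket

# Message text taken from the post.
MSG = "<64>Feb 7 16:42:03 c4dev-lathrs1 TAG: smlSocket Test TCP syslog buffer msg"

def frame(msg: str) -> bytes:
    """Encode one record for a stream transport, terminated by NL."""
    data = msg.encode("utf-8")
    if b"\n" in data or b"\x00" in data:
        # An embedded terminator would be read as the end of the record.
        raise ValueError("record contains NL or NUL")
    return data + b"\n"

def split_records(buf: bytes):
    """Simplified model of a line-oriented receiver (assumption).

    Returns (complete_records, pending). Bytes after the last NL/NUL stay
    in 'pending' until a terminator arrives, so they are never logged.
    """
    records, start = [], 0
    for i, byte in enumerate(buf):
        if byte in (0x0A, 0x00):
            if i > start:
                records.append(buf[start:i])
            start = i + 1
    return records, buf[start:]

def send_tcp(host: str, port: int, msg: str) -> None:
    """Send one framed record, e.g. send_tcp("loghost.example", 601, MSG)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(frame(msg))

def demo():
    # 1. What the post sent: no terminator, so no record is complete.
    unterminated = split_records(MSG.encode())
    # 2. The same bytes followed by NL: one record is released.
    terminated = split_records(frame(MSG))
    # 3. One complete record plus the start of a second (constructed) one.
    partial = b"<64>Feb 7 16:42:04 c4dev-lathrs1 TAG: par"
    mixed = split_records(frame(MSG) + partial)
    return unterminated, terminated, mixed

if __name__ == "__main__":
    labels = ("unterminated", "terminated", "mixed")
    for label, (recs, pending) in zip(labels, demo()):
        print(f"{label}: {len(recs)} record(s), {len(pending)} byte(s) pending")
```

UDP needs no terminator because each datagram carries exactly one message, which is why the same bytes were logged when sent to port 514.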