syslog-ng to syslog not working
Hello all. I have a syslog-ng server and I want to forward some messages to a Syslogd Server. I don't want stunnel or anything special, just send syslog-ng messages via udp(514), but right now I get the following error: Jul 22 20:10:06 s_localhost@RHTSRV syslog-ng[31406]: io.c: do_write: write() fai led (errno 111), Connection refused Jul 22 20:10:06 s_localhost@RHTSRV syslog-ng[31406]: Connection broken to AF_INE T(192.168.4.252:514), reopening in 60 seconds Jul 22 20:11:07 s_localhost@RHTSRV syslog-ng[31406]: io.c: do_write: write() fai led (errno 111), Connection refused Jul 22 20:11:07 s_localhost@RHTSRV syslog-ng[31406]: Connection broken to AF_INE T(192.168.4.252:514), reopening in 60 seconds Jul 22 20:12:07 s_localhost@RHTSRV syslog-ng[31406]: io.c: do_write: write() fai led (errno 111), Connection refused Jul 22 20:12:07 s_localhost@RHTSRV syslog-ng[31406]: Connection broken to AF_INE T(192.168.4.252:514), reopening in 60 seconds This is the definition in my syslog-ng.conf file source s_localhost { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); }; destination d_TestServer { udp ("192.168.4.252" port(514)); }; log { source(s_localhost); destination(d_localhost); destination(d_TestServer); }; Can someone help me to find the source of the problem? Thanks in advance Gerardo Amaya
Gerardo Amaya wrote:
Hello all. I have a syslog-ng server and I want to forward some messages to a Syslogd Server. I don't want stunnel or anything special, just send syslog-ng messages via udp(514), but right now I get the following error:
Can you netcat to 192.168.4.252 port 514 and send some lines? If this works then something with syslog-ng might not be ok. If this (the netcat thing) does not work, then you might have a problem with a filter or a routing table entry for example.
Jul 22 20:10:06 s_localhost@RHTSRV syslog-ng[31406]: io.c: do_write: write() fai led (errno 111), Connection refused
Do you have a packet filter between your host and the syslogd server? Is the syslogd really listening on 192.168.4.252:512 (UDP) on the server? Is this address routed and connected physically to the correct interface? ECONNREFUSED (errno 111) normally means that no one is listening on the remote address. Regards, Roberto Nibali, ratz -- ------------------------------------------------------------- addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355 http://www.terreactive.com fax://++41 62 823 9356 ------------------------------------------------------------- terreActive AG Wir sichern Ihren Erfolg -------------------------------------------------------------
Roberto Nibali wrote:
Gerardo Amaya wrote:
Hello all. I have a syslog-ng server and I want to forward some messages to a Syslogd Server. I don't want stunnel or anything special, just send syslog-ng messages via udp(514), but right now I get the following error:
Can you netcat to 192.168.4.252 port 514 and send some lines? If this works then something with syslog-ng might not be ok. If this (the netcat thing) does not work, then you might have a problem with a filter or a routing table entry for example.
Jul 22 20:10:06 s_localhost@RHTSRV syslog-ng[31406]: io.c: do_write: write() fai led (errno 111), Connection refused
Do you have a packet filter between your host and the syslogd server? Is the syslogd really listening on 192.168.4.252:512 (UDP) on the server? Is this address routed and connected physically to the correct interface?
ECONNREFUSED (errno 111) normally means that no one is listening on the remote address.
Regards, Roberto Nibali, ratz
I tried to send to 192.168.4.252 UDP 514 syslog messages via another computer with Kiwi Syslog gen and the packets arrive with no problem at all. So I guess the problem resides on my syslog-ng server. What could it be? Thanks in advance Gerardo Amaya
I tried to send to 192.168.4.252 UDP 514 syslog messages via another computer with Kiwi Syslog gen and the packets arrive with no problem at all.
This is not going to help you address the issues I raised. You have to do the tests on the machine that does not work. Use netcat to connect from your client that does not work to the server.
So I guess the problem resides on my syslog-ng server. What could it be?
You have to try it from the node that does not work. Also if it works from another node, I reckon your syslog server is indeed working. Also you haven't answered my other questions regarding packet filters and routing. Regards, Roberto Nibali, ratz -- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
participants (3)
-
Gerardo Amaya
-
Roberto Nibali
-
Roberto Nibali