-----Original Message----- From: Paul Thomas [mailto:pwthoma@anc.net] Sent: Tuesday, February 04, 2003 11:55 AM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Some Boxes Refuse to Write to syslog-ng host

The loghost is resolving correctly.

I get the following in tcpdump which tells me that the packets are being set to the syslog-ng loghost.

root@advil:/tmp# tcpdump dst host plague.anc.net tcpdump: listening on eth0 10:44:39.856806 advil.anc.net.syslog > plague.anc.net.syslog: udp 47 (DF) 10:44:39.856851 advil.anc.net.syslog > plague.anc.net.syslog: udp 37 (DF) 10:45:03.885048 advil.anc.net.syslog > plague.anc.net.syslog: udp 47 (DF) 10:45:03.885090 advil.anc.net.syslog > plague.anc.net.syslog: udp 37 (DF) 10:45:05.334610 advil.anc.net.syslog > plague.anc.net.syslog: udp 47 (DF) 10:45:05.334650 advil.anc.net.syslog > plague.anc.net.syslog: udp 37 (DF) 10:45:06.516617 advil.anc.net.syslog > plague.anc.net.syslog: udp 47 (DF) 10:45:06.516815 advil.anc.net.syslog > plague.anc.net.syslog: udp 37 (DF)

8 packets received by filter 0 packets dropped by kernel

Good. That means they are being sent.

There is a firewall between the 2 machines but it isn't blocking this port. I know that because there are other machines are the same subnet that are able to get to the loghost and nothing is showing up in my firewall logs.

Any more suggestions?

Now check of the receiving system with tcpdump to see if they are received. Michael Breton Commtel