[syslog-ng] logging via tcp connection

will@korson-mcgregor.com will@korson-mcgregor.com
Wed, 28 Jun 2000 19:21:46 -0400


I'm trying to set up a Linux Firewall to log to a central log box. Both are 
running syslog-ng 1.4.4 on Debian 2.2.  

-----------snip from logbox syslog-ng.conf--------
source firewall { tcp(ip(0.0.0.0) port(1999)); };

-----------end snip from logbox syslog-ng.conf----
syslog-ng starts just fine with no errors. 

# netstat -an |grep 1999
tcp        0      0 0.0.0.0:1999            0.0.0.0:*               LISTEN

Seems to be up and running fine.

-----------snip from firewall syslog-ng.conf---------
destination logbox { tcp("10.0.0.87" port(1999)); };

-----------snip from firewall syslog-ng.conf---------

# syslog-ng -d -v 
binding fd 3, unixaddr: /dev/log
io.c: listening on fd 3
io.c: connecting using fd 4
connecting fd 4 to inetaddr 10.0.0.87, port 1999
Error creating AF_INET socket (Operation now in progress)
Error initializing configuration, exiting.

That's not good

# strace -s 64 -f -F -vv syslog-ng -d -v
--snip----
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
fcntl(4, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
write(2, "io.c: connecting using fd 4\n", 28io.c: connecting using fd 4) = 28
write(2, "connecting fd 4 to inetaddr 10.0.0.87, port 1999\n", 49connecting fd 4 to inetaddr 10.0.0.87, port 1999) = 49
connect(4, {sin_family=AF_INET, sin_port=htons(1999), sin_addr=inet_addr("10.0.0.87")}}, 16) = -1 EINPROGRESS (Operation now in progress)
close(4)                                = 0
write(2, "Error creating AF_INET socket (Operation now in progress)\n", 58Error creating AF_INET socket (Operation now in progress)) = 58
write(2, "Error initializing configuration, exiting.\n", 43Error initializing configuration, exiting.) = 43
_exit(2)                                = ?

Even worse... it seems that the connection is not even given time to connect
successfully but is closed immediately. I'm not a good socket hacker or I'd
try to fix it myself. Is it possible that I have some config value wrong
or am using a known buggy version?

Help would be most appreciated!

Will Cordis
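
Added example (not part of the original post, and not syslog-ng's own code): in the strace above, connect() on the O_NONBLOCK socket returns EINPROGRESS, which means the TCP handshake is still pending rather than failed. The C code below waits for the socket to become writable and then reads SO_ERROR for the real outcome; the helper name nb_connect, the loopback target and the 3000 ms timeout are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: returns a connected fd (>= 0), or -errno on failure. */
int nb_connect(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(int);
    int n, err = 0, fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

    if (fd < 0)
        return -errno;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        err = EINVAL;
    else if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK) < 0)
        err = errno;
    else if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0 && errno != EINPROGRESS)
        err = errno;                      /* immediate, genuine failure */
    else {
        /* Connected, or handshake pending: wait until the socket is writable. */
        struct pollfd pfd = { .fd = fd, .events = POLLOUT };
        do { n = poll(&pfd, 1, timeout_ms); } while (n < 0 && errno == EINTR);
        if (n == 0)
            err = ETIMEDOUT;
        /* Writable is not the verdict; SO_ERROR is (0 means connected). */
        else if (n < 0 || getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
            err = errno;
    }
    if (err) { close(fd); return -err; }
    return fd;
}

int main(void)
{
    int fd = nb_connect("127.0.0.1", 1999, 3000);  /* constructed target */
    printf("%s\n", fd < 0 ? strerror(-fd) : "connected");
    if (fd >= 0) close(fd);
    return fd < 0;
}
```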