[syslog-ng]Error connecting to log server

Richard E. Perlotto II richard@perlotto.com
21 Dec 2002 22:43:37 -0800


I have a set of Mandrake 9.0 boxes all running the latest version
of syslog-ng (1.5.24).  I have a centralized log server that is
receiving logs from a variety of udp and tcp (syslog-ng) sources.
All but one of the devices is able to log to the log server.  The
error that I get from that one server is:

Error connecting to remote host AF_INET(10.1.1.1:5100), reattempting in
10 seconds

Now I know that packet is getting there because I can look at an
ACL from a router that sits between them:

Dec 21 22:25:16 router1/router1 1553: Dec 21 22:28:09.816 pst:
%SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.1.1.1(32830)
(FastEthernet1/0 0030.4841.12a4) -> 10.2.1.1(5100), 1 packet

This same log server is also successfully receiving tcp logs from 
other syslog-ng servers without a problem and one of these is on
the same subnet as the one that is having the problem connecting.

The interesting thing is that even with using 514/udp the traffic
does not seem to get to the log server.  If I revert back to the
standard syslog daemon, life is well again.

Richard