[syslog-ng] Error connecting to log server

Balazs Scheidler bazsi@balabit.hu
Sun, 22 Dec 2002 18:39:34 +0100


On Sat, Dec 21, 2002 at 10:43:37PM -0800, Richard E. Perlotto II wrote:
> I have a set of Mandrake 9.0 boxes all running the latest version
> of syslog-ng (1.5.24).  I have a centralized log server that is
> receiving logs from a variety of udp and tcp (syslog-ng) sources.
> All but one of the devices are able to log to the log server.  The
> error that I get from that one server is:
> 
> Error connecting to remote host AF_INET(10.1.1.1:5100), reattempting in
> 10 seconds
> 
> Now I know that the packet is getting there because I can look at an
> ACL from a router that sits between them:
> 
> Dec 21 22:25:16 router1/router1 1553: Dec 21 22:28:09.816 pst:
> %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.1.1.1(32830)
> (FastEthernet1/0 0030.4841.12a4) -> 10.2.1.1(5100), 1 packet
> 
> This same log server is also successfully receiving tcp logs from 
> other syslog-ng servers without a problem and one of these is on
> the same subnet as the one that is having the problem connecting.

I'd think it is some kind of TCP problem; try tcpdumping the traffic on your
syslog host (either the client or the server). ECN might be blocked, for
instance.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
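
The capture check suggested in the reply above, as an added example that is not part of the original message: it reads tcpdump text output and reports, per client, whether the TCP handshake completed, was reset, or went unanswered, flagging unanswered SYNs that requested ECN. It assumes the modern `tcpdump -nn` line format; the sample capture, addresses and the verdict names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `tcpdump -nn` lines in modern tcpdump text format; the
# addresses and ports are made up. Flag letters: S=SYN, .=ACK, R=RST,
# E=ECE, W=CWR. A SYN carrying both E and W is an ECN-setup SYN.
SAMPLE = """\
18:40:01.000000 IP 192.0.2.10.32830 > 192.0.2.20.5100: Flags [SEW], seq 100, win 5840, length 0
18:40:02.000000 IP 192.0.2.11.40112 > 192.0.2.20.5100: Flags [S], seq 200, win 5840, length 0
18:40:02.000100 IP 192.0.2.20.5100 > 192.0.2.11.40112: Flags [S.], seq 300, ack 201, win 5792, length 0
18:40:02.000200 IP 192.0.2.11.40112 > 192.0.2.20.5100: Flags [.], ack 301, win 5840, length 0
18:40:04.000000 IP 192.0.2.10.32830 > 192.0.2.20.5100: Flags [SEW], seq 100, win 5840, length 0
18:40:10.000000 IP 192.0.2.10.32830 > 192.0.2.20.5100: Flags [SEW], seq 100, win 5840, length 0
18:40:11.000000 IP 192.0.2.12.51000 > 192.0.2.20.5100: Flags [S], seq 400, win 5840, length 0
18:40:11.000100 IP 192.0.2.20.5100 > 192.0.2.12.51000: Flags [R.], seq 0, ack 401, win 0, length 0
"""

LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([A-Z.]+)\]")

def classify_handshakes(capture):
    """Map each (client, server) pair that sent a SYN to a verdict string."""
    flows = defaultdict(lambda: {"syns": 0, "ecn": False, "reply": None})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        if "S" in flags and "." not in flags:        # client SYN (no ACK bit)
            flow = flows[(src, dst)]
            flow["syns"] += 1
            flow["ecn"] = flow["ecn"] or ("E" in flags and "W" in flags)
        elif (dst, src) in flows and flows[(dst, src)]["reply"] is None:
            if "S" in flags:                         # SYN+ACK from server
                flows[(dst, src)]["reply"] = "established"
            elif "R" in flags:                       # RST: port closed or reset
                flows[(dst, src)]["reply"] = "refused"
    verdicts = {}
    for key, flow in flows.items():
        if flow["reply"]:
            verdicts[key] = flow["reply"]
        elif flow["ecn"]:
            verdicts[key] = "ecn-syn-unanswered"     # retry with ECN off to confirm
        else:
            verdicts[key] = "syn-unanswered"
    return verdicts

if __name__ == "__main__":
    for (client, server), verdict in classify_handshakes(SAMPLE).items():
        print(f"{client} -> {server}: {verdict}")
```

On a Linux client, `sysctl net.ipv4.tcp_ecn` shows whether outgoing connections request ECN, which is the setting to compare between the failing host and a working one.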