[syslog-ng]Some Boxes Refuse to Write to syslog-ng host

Paul Thomas pwthoma@anc.net
Tue, 04 Feb 2003 10:55:22 -0600


The loghost is resolving correctly.

I get the following in tcpdump which tells me that the packets are being
sent to the syslog-ng loghost.

root@advil:/tmp# tcpdump dst host plague.anc.net
tcpdump: listening on eth0
10:44:39.856806 advil.anc.net.syslog > plague.anc.net.syslog:  udp 47 (DF)
10:44:39.856851 advil.anc.net.syslog > plague.anc.net.syslog:  udp 37 (DF)
10:45:03.885048 advil.anc.net.syslog > plague.anc.net.syslog:  udp 47 (DF)
10:45:03.885090 advil.anc.net.syslog > plague.anc.net.syslog:  udp 37 (DF)
10:45:05.334610 advil.anc.net.syslog > plague.anc.net.syslog:  udp 47 (DF)
10:45:05.334650 advil.anc.net.syslog > plague.anc.net.syslog:  udp 37 (DF)
10:45:06.516617 advil.anc.net.syslog > plague.anc.net.syslog:  udp 47 (DF)
10:45:06.516815 advil.anc.net.syslog > plague.anc.net.syslog:  udp 37 (DF)

8 packets received by filter
0 packets dropped by kernel

There is a firewall between the 2 machines but it isn't blocking this
port.  I know that because there are other machines on the same subnet
that are able to get to the loghost and nothing is showing up in my
firewall logs.

Any more suggestions?

Paul

At 11:25 PM 2/3/2003, you wrote:
>Message: 7
>To: syslog-ng@lists.balabit.hu
>Cc: Leonard_Mills@corpnet.sel.sony.com
>Subject: Re: [syslog-ng]Some Boxes Refuse to Write to syslog-ng host
><5.2.0.9.0.20030203161839.022feaf0@127.0.0.1>
>Date: Mon, 03 Feb 2003 22:25:54 +0000
>From: Leonard Mills <Leonard_Mills@corpnet.sel.sony.com>
>Reply-To: syslog-ng@lists.balabit.hu
>
>
>You might get a good idea by using
>
>dig @localhost loghost.domain.com
>
>If that gives you what you need, then try using
>tcpdump from one of the failing hosts after a
>kill -HUP on syslogd.
>
>Hope this helps,
>
>Len