[syslog-ng]Some Boxes Refuse to Write to syslog-ng host
Michael Breton
mbreton@commtel.net
Tue, 4 Feb 2003 12:00:21 -0500
> -----Original Message-----
> From: Paul Thomas [mailto:pwthoma@anc.net]
> Sent: Tuesday, February 04, 2003 11:55 AM
> To: syslog-ng@lists.balabit.hu
> Subject: Re: [syslog-ng]Some Boxes Refuse to Write to syslog-ng host
>
>
> The loghost is resolving correctly.
>
> I get the following in tcpdump which tells me that the
> packets are being
> set to the syslog-ng loghost.
>
> root@advil:/tmp# tcpdump dst host plague.anc.net
> tcpdump: listening on eth0
> 10:44:39.856806 advil.anc.net.syslog > plague.anc.net.syslog:
> udp 47 (DF)
> 10:44:39.856851 advil.anc.net.syslog > plague.anc.net.syslog:
> udp 37 (DF)
> 10:45:03.885048 advil.anc.net.syslog > plague.anc.net.syslog:
> udp 47 (DF)
> 10:45:03.885090 advil.anc.net.syslog > plague.anc.net.syslog:
> udp 37 (DF)
> 10:45:05.334610 advil.anc.net.syslog > plague.anc.net.syslog:
> udp 47 (DF)
> 10:45:05.334650 advil.anc.net.syslog > plague.anc.net.syslog:
> udp 37 (DF)
> 10:45:06.516617 advil.anc.net.syslog > plague.anc.net.syslog:
> udp 47 (DF)
> 10:45:06.516815 advil.anc.net.syslog > plague.anc.net.syslog:
> udp 37 (DF)
>
> 8 packets received by filter
> 0 packets dropped by kernel
Good. That means they are being sent.
> There is a firewall between the 2 machines but it isn't blocking this
> port. I know that because there are other machines are the
> same subnet
> that are able to get to the loghost and nothing is showing up in my
> firewall logs.
>
> Any more suggestions?
Now check of the receiving system with tcpdump to see if they are received.
Michael Breton
Commtel