[syslog-ng]UDP syslog not being logged by syslog-ng

Moxey, Joel, CND Tech Dev, VF UK Joel.Moxey@gb.vodafone.co.uk
Wed, 29 Jan 2003 14:07:41 -0000


Hi!

I'm having some problems getting remote hosts to log as desired to a log =
server.

I'm using version 1.4.17 on Red Hat with the following config:

#Start
options {
		sync(0);
		log_fifo_size(1000);
		use_dns(no);
		use_fqdn(no);
		create_dirs(no);
		keep_hostname(no);
};

source s_all {
		pipe("/proc/kmsg");
		unix-stream("/dev/log");
		udp(localip(A.B.C.D) localport(514));
		internal();
};

destination d_notauth { file("/systems/$HOST/messages" perm(0644)); };
destination d_auth { file("/systems/$HOST/authmsg"); };

filter f_notauth { not facility(auth, authprov); };
filter f_auth { facility(auth, authprov); };

log { source(s_all); filter(f_notauth); destination(d_notauth) };
log { source(s_all); filter(f_auth); destination(d_auth) };
#End

I have created appropriate directories for each remote host, and each =
host has an entry in the /etc/hosts file.

Using logger, I have confirmed the config works as desired for the log =
server. However, using logger on remote hosts (I've tried Solaris and =
Red Hat), I can not seem to get the message written to file.

I have confirmed using tcpdump that the messages reach the log server, =
and can see by netstat that the UDP socket is open.

I thought it might be because of the $HOST part, but also tried using =
destinations without this to no success.

Any suggestions to what my problem might be?

Thanks for any help,

Joel