[syslog-ng]solaris linux

Wed, 12 Mar 2003 13:40:26 +0100

Hallo Nate

Well actually on the server side I installed syslog-ng with tcp-wrapper support,
of course the correct entry is in hosts.allow, this has been successfully
tested with a linux client. A netstat -a shows that the solaris box is connected.
Now I have tried out your solaris syslog-ng.conf from your FAQ site, which
should actually log locally AND send to the loghost, but it does neither,
leading me to believe that it must be a local problem on the solaris box.
A ps -ef reveals that syslog-ng has been successfully started and as mentioned
a netstat -a on the loghost shows a successful connection, however nothing
is logged. In the README libol support is recommended, this was successfully
found upon installing syslog-ng. Upon installing syslog-ng on the sol box
I used a --prefix and installed to a different path however, which the init.script
points to. I used the init script from the contrib directory, perhaps this
is the problem, if not then I'm back to square 1. Can anyone see a problem
with this script ? looks fine to me:

###################################
DAEMON=/usr/local.hg/sbin/syslog-ng

case "$1" in
        start)
                if [ -f /path/to/correct/syslog-ng.conf -a -f /usr/local/sbin/syslog-ng
]; then
                        echo 'syslog-ng service starting.'
                        #
                # Before syslog-ng starts, save any messages from previous
                # crash dumps so that messages appear in chronological order.
                        #
                        /usr/bin/savecore -m
                        if [ -r /etc/dumpadm.conf ]; then
                                . /etc/dumpadm.conf
                                [ "x$DUMPADM_DEVICE" != xswap ] && \
                                    /usr/bin/savecore -m -f $DUMPADM_DEVICE
                        fi
                        $DAEMON -p /var/run/syslog-ng.pid
                fi
                ;;

        stop)
                if [ -f /var/run/syslog-ng.pid ]; then
                        syspid=`/usr/bin/cat /var/run/syslog-ng.pid`
            [ "$syspid" -gt 0 ] && kill -15 $syspid && rm /var/run/syslog-ng.pid
                fi
                ;;
        *)
                echo "Usage: $0 { start | stop }"
                exit 1
                ;;
esac
#####################################

>From: Nate Campi <nate@campin.net>

>On Tue, Mar 11, 2003 at 01:55:16PM +0100, garvald@bluemail.ch wrote:
>> 
>> trying to log from solaris 8 to Linux (gentoo). I'm using 1.5.26 on the
>linux
>> side and 1.5.25 on the solaris. I've tried several linux versions ranging
>> from 1.4x to current with no luck. Logging from linux -> linux is no problem.
>> I've tried googling and newsgroups etc and writing mails but nobody can
>help.
>> If nobody replies to this i'll be switching to another logger ;c] here's
>> the configuration I'm using, its very basic and according to an earlier
>post
>> from the "maintainer" it should work:
>
>It seems unlikely that this is a syslog-ng problem. People aren't
>responding because it's not clear that you eliminated other factors. You
>need to test if TCP traffic can really make it between the ports and
>hosts involved. Eliminate the lower levels of the TCP/IP stack before
>working on the app layer.
>
>HINT: telnet from the solaris client to the listening syslog-ng port on
>the linux host. You might not be able to connect at all. Try UDP too,
>test sending UDP traffic with netcat. Try UDP too, test sending UDP
>traffic with netcat, once you set up a udp listener on the loghost.