[syslog-ng]Can't receive syslog by UDP protocol

Xiaodong Lin syslog-ng@lists.balabit.hu
Tue, 7 Dec 2004 11:05:41 -0700


This is a multi-part message in MIME format.

------_=_NextPart_001_01C4DC87.A554A3DB
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I think you should use the following:
udp(ip(0.0.0.0) port(514));
=20
instead of udp();
=20
Xiaodong

________________________________

From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of wei
Sent: Tuesday, December 07, 2004 3:29 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Can't receive syslog by UDP protocol



Greeting!

=20

I have set up my syslog-ng environment by the default syslog-ng.conf
file. By the linux default logger command, I can generate syslog to
file.=20

But when I use a syslog client send out syslog to the syslog-ng server,
I can't receive the log by UDP protocol. But I can get TCP protocol
syslog. Could anyone tell me why?

=20

Thanks!

=20

My system is RedHat 9.0. The syslog client is Kiwi Syslog Gen in
windows. The following is part of my syslog.conf file:

=20

source src {=20

         pipe("/proc/kmsg");=20

         unix-stream("/dev/log");=20

         internal();=20

         udp();

         tcp(port(5140) keep-alive(yes));=20

};

=20

log {=20

         source(src);=20

         destination(file);=20

};


------_=_NextPart_001_01C4DC87.A554A3DB
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:o =3D=20
"urn:schemas-microsoft-com:office:office" xmlns:w =3D=20
"urn:schemas-microsoft-com:office:word"><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1476" name=3DGENERATOR>
<STYLE>@font-face {
	font-family: SimSun;
}
@font-face {
	font-family: SimSun;
}
@page Section1 {size: 595.3pt 841.9pt; margin: 72.0pt 90.0pt 72.0pt =
90.0pt; layout-grid: 15.6pt; }
P.MsoNormal {
	TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; =
FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
LI.MsoNormal {
	TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; =
FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
DIV.MsoNormal {
	TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; =
FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
A:link {
	COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
	COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
	COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
	COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
	COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose
}
DIV.Section1 {
	page: Section1
}
</STYLE>
</HEAD>
<BODY lang=3DZH-CN style=3D"TEXT-JUSTIFY-TRIM: punctuation" =
vLink=3Dpurple link=3Dblue>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D913000318-07122004><FONT =
face=3DArial=20
color=3D#0000ff size=3D2>I think you should use the =
following:</FONT></SPAN></DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D913000318-07122004><FONT =
face=3DArial=20
color=3D#0000ff size=3D2>udp(ip(0.0.0.0) port(514));</FONT></SPAN></DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D913000318-07122004><FONT =
face=3DArial=20
color=3D#0000ff size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D913000318-07122004><FONT =
face=3DArial=20
color=3D#0000ff size=3D2>instead of udp();</FONT></SPAN></DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D913000318-07122004><FONT =
face=3DArial=20
color=3D#0000ff size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D913000318-07122004><FONT =
face=3DArial=20
color=3D#0000ff size=3D2>Xiaodong</FONT></SPAN></DIV><BR>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr align=3Dleft>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> =
syslog-ng-admin@lists.balabit.hu=20
[mailto:syslog-ng-admin@lists.balabit.hu] <B>On Behalf Of=20
</B>wei<BR><B>Sent:</B> Tuesday, December 07, 2004 3:29 AM<BR><B>To:</B> =

syslog-ng@lists.balabit.hu<BR><B>Subject:</B> [syslog-ng]Can't receive =
syslog by=20
UDP protocol<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=3DSection1 style=3D"LAYOUT-GRID:  15.6pt none">
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">Greeting!<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: Arial">I have set up my syslog-ng=20
environment by the default syslog-ng.conf file. By the linux default =
logger=20
command, I can generate syslog to file. <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: Arial">But when I use a syslog =
client send=20
out syslog to the syslog-ng server, I can&#8217;t receive the log by UDP =
protocol. But=20
I can get TCP protocol syslog. Could anyone tell me=20
why?<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">Thanks!<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: Arial">My system is RedHat 9.0. =
The syslog=20
client is Kiwi Syslog Gen in windows. The following is part of my =
syslog.conf=20
file:<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: Arial">source src {=20
<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
pipe("/proc/kmsg"); <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
unix-stream("/dev/log"); <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
internal(); <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
udp();<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
tcp(port(5140) keep-alive(yes)); <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">};<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: Arial">log { =
<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
source(src); <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
destination(file); <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D1><SPAN lang=3DEN-US=20
style=3D"FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">};<o:p></o:p></SPAN></FONT></P></DIV></BODY></HTML>

------_=_NextPart_001_01C4DC87.A554A3DB--