[syslog-ng]Syslog-ng not receiving remote logs from stock Syslogd
Igor Gueths
syslog-ng@lists.balabit.hu
Thu, 9 Dec 2004 21:46:25 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all. I'm running the latest version of Syslog-ng (1.6.5). I've got all manner of local logging via unix-stream working just fine. My problem comes when I try and pull remote logs from a
machine that's running the stock Syslogd, as shipped with Slackware-10.0. I first made sure my Iptables rules were accepting any traffic to UDP port 514. I then set up something like this in
syslog-ng.conf. Note h14me is the hostname of the remote machine.
source h14me { udp(); };
destination h14melog { file("/var/log/h14me.log"); };
log { source(h14me); destination(h14melog); };
Syslog-ng -s didn't report any errors with this syntax, therefore I assumed it was correct. However, when I restart Syslog-ng I don't see an h14me.log file in /var/log. On the remote machine I
did this: @24.249.27.228
That was in /etc/syslog.conf. I had this type of setup going on another machine, however the difference was that I was running stock Syslogd as well. Does anyone know what I might be doing
wrong here? Shouldn't Syslog-ng/regular Syslogd be able to communicate since they can both use the UDP standard? Should I instead specify the udp driver in the source that's already working,
and then write a filter rule to take anything that comes from given host and put it in its own logfile? Or should I be able to specify 2 completely seperate sources? Thanks!
- --
"The answer to life, the universe, and everything is 42." -- Douglas Adams
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFBuQ4BNohoaf1zXJMRApsTAKCcODwcOdfajdKoldQVFbOf5Ew7lQCfTYYe
cKJDLElWmMeJNv4FWC1+Tl0=
=FsH9
-----END PGP SIGNATURE-----