[syslog-ng] Faultfinding techniques for logging failure.

Nate Campi syslog-ng@lists.balabit.hu
Mon, 8 Mar 2004 19:46:28 -0800


On Mon, Mar 08, 2004 at 06:41:01PM -0500, Adam wrote:
> 
> There are a few NT servers that are supposed to log their backups to this
> server using the syslog-ng WinNT client. Logging to port 5140.

What? You sure it's syslog-ng? Also, log "backups using syslog-ng"? What
exactly do you mean here?

> They don't; however, data sent via telnet to port 5140, both sent by itself
> and by one other machine, is logged.
 
The other machine is also one that's trying to send via syslog-ng over
TCP and failing? What do the logs on the remote host (client) say?

On the remote host (syslog client) use IPs instead of names, and double
check the IP. Make sure you're really using TCP, make sure syslog-ng is
running; if not, start it manually and see why not (it'll give an error
when it exits).

Since you verified TCP connectivity between the hosts using the port in
question it's entirely an application problem, at least between *these
two* hosts. Concentrate on your configuration.
 
> Also, how is the priority passed to 3rd party programs? I get lines
> formatted as below, from which I can extract a time-stamp, hostname and
> message. But no priority. Is priority normally incorporated as a part of the
> message?
> 
> <13>Mar  5 13:00:44 localhost TEST

I have links to the informational RFC at
http://www.campin.net/syslog-ng/faq.html - which explains this.
-- 
Nate

"Fifty years of programming language research, and we end up with C++ ???"
 - Richard A. O'Keefe.
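
Added example, not part of the original post or of syslog-ng: the priority question above, worked through in Python. In the BSD syslog format (RFC 3164) the number in angle brackets is the PRI value, facility * 8 + severity, so the <13> in the quoted line is user.notice. The function name and the returned field names are assumptions made for this sketch.

```python
import re

# Facility and severity names in the numeric order RFC 3164 assigns them.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
MAX_PRI = len(FACILITIES) * 8 - 1  # 191

# <PRI>Mmm dd hh:mm:ss HOST MSG ; the day is space-padded ("Mar  5").
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)


def parse_line(line):
    """Split one received line into its fields, or return None.

    Lines arrive from the network and are untrusted, so a missing or
    out-of-range PRI is rejected instead of being guessed at.
    """
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > MAX_PRI:
        return None
    facility, severity = divmod(pri, 8)
    return {
        "pri": pri,
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }


if __name__ == "__main__":
    # The line quoted in the thread.
    print(parse_line("<13>Mar  5 13:00:44 localhost TEST"))
```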