[syslog-ng] syslog-ng problem

Pavel Urban syslog-ng@lists.balabit.hu
Thu, 14 Oct 2004 08:13:15 +0200


Sorry, I was already pretty asleep while I was sending this. The problem 
refers to TCP remote logging, when the client is set with source port 5140. 
I can see error messages in the client's system log - it complains that 
the AF_INET connection to the central logging system cannot be established.

Pavel Urban wrote:
> Hello,
> 
> we are having a problem with syslog-ng ver. 1.6.2. On one RedHat Linux 
> ES 3, I've seen that it sends SYN, receives ACK and immediately sends 
> RST. Anybody seen this behaviour?
> 
> 20:26:34.610520 192.168.30.28.5140 > 192.168.30.162.5140: S 
> 1768598228:1768598228(0) win 5840 <mss 1460,sackOK,timestamp 885631 
> 0,nop,wscale 0> (DF)
> 20:26:34.610660 192.168.30.162.5140 > 192.168.30.28.5140: . ack 1 win 
> 62928 <nop,nop,timestamp 1022214670 497333> (DF)
> 20:26:34.610711 192.168.30.28.5140 > 192.168.30.162.5140: R 
> 611445588:611445588(0) win 0 (DF)
> 20:27:22.610006 192.168.30.28.5140 > 192.168.30.162.5140: S 
> 1768598228:1768598228(0) win 5840 <mss 1460,sackOK,timestamp 890431 
> 0,nop,wscale 0> (DF)
> 20:27:22.610152 192.168.30.162.5140 > 192.168.30.28.5140: . ack 1 win 
> 62928 <nop,nop,timestamp 1022239252 497333> (DF)
> 20:27:22.610195 192.168.30.28.5140 > 192.168.30.162.5140: R 
> 611445588:611445588(0) win 0 (DF)
> 
> When I try e.g. telnet, it works just fine.
> 
> 20:30:56.617785 192.168.30.28.32908 > 192.168.30.162.5140: S 
> 2089428237:2089428237(0) win 5840 <mss 1460,sackOK,timestamp 911833 
> 0,nop,wscale 0> (DF) [tos 0x10]
> 20:30:56.617995 192.168.30.162.5140 > 192.168.30.28.32908: S 
> 1997864569:1997864569(0) ack 2089428238 win 5792 <mss 
> 1380,sackOK,timestamp 1022348859 911833,nop,wscale 0> (DF)
> 20:30:56.618051 192.168.30.28.32908 > 192.168.30.162.5140: . ack 1 win 
> 5840 <nop,nop,timestamp 911833 1022348859> (DF) [tos 0x10]
> 20:31:01.079466 192.168.30.28.32908 > 192.168.30.162.5140: F 1:1(0) ack 
> 1 win 5840 <nop,nop,timestamp 912279 1022348859> (DF) [tos 0x10]
> 20:31:01.079677 192.168.30.162.5140 > 192.168.30.28.32908: F 1:1(0) ack 
> 2 win 5792 <nop,nop,timestamp 1022351145 912279> (DF)
> 20:31:01.079717 192.168.30.28.32908 > 192.168.30.162.5140: . ack 2 win 
> 5840 <nop,nop,timestamp 912279 1022351145> (DF) [tos 0x10]
> 
> 


-- 
***********************************************************************
Pavel Urban (pavel.urban@imaginet.cz)
IOL system disaster
Internet OnLine, owned by Cesky Telecom, a.s. (www.ct.cz)
***********************************************************************
    Vegetables should not operate electronic equipment.
           Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
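
Added example, not part of the original post: a small Python parser that separates the two handshake shapes visible in the traces above, a SYN answered by an ACK without SYN and then reset by the client, versus a normal SYN, SYN+ACK, ACK. The function names and verdict labels are made up for this illustration; the sample packets are copied from the post with the e-mail line wraps joined.

```python
import re

# Old-style tcpdump text output: "time src.port > dst.port: flags rest"
LINE = re.compile(r"^(\S+) ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): (\S+) ?(.*)$")

# Packets copied from the post's traces, e-mail line wraps joined.
SAMPLE = """\
20:26:34.610520 192.168.30.28.5140 > 192.168.30.162.5140: S 1768598228:1768598228(0) win 5840 <mss 1460,sackOK,timestamp 885631 0,nop,wscale 0> (DF)
20:26:34.610660 192.168.30.162.5140 > 192.168.30.28.5140: . ack 1 win 62928 <nop,nop,timestamp 1022214670 497333> (DF)
20:26:34.610711 192.168.30.28.5140 > 192.168.30.162.5140: R 611445588:611445588(0) win 0 (DF)
20:30:56.617785 192.168.30.28.32908 > 192.168.30.162.5140: S 2089428237:2089428237(0) win 5840 <mss 1460,sackOK,timestamp 911833 0,nop,wscale 0> (DF) [tos 0x10]
20:30:56.617995 192.168.30.162.5140 > 192.168.30.28.32908: S 1997864569:1997864569(0) ack 2089428238 win 5792 <mss 1380,sackOK,timestamp 1022348859 911833,nop,wscale 0> (DF)
20:30:56.618051 192.168.30.28.32908 > 192.168.30.162.5140: . ack 1 win 5840 <nop,nop,timestamp 911833 1022348859> (DF) [tos 0x10]
"""

def parse(text):
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines that are not tcpdump packets are skipped
            t, src, sport, dst, dport, flags, rest = m.groups()
            pkts.append({"time": t, "src": (src, int(sport)), "dst": (dst, int(dport)),
                         "flags": flags, "ack": bool(re.search(r"\back \d+", rest))})
    return pkts

def classify_handshakes(pkts):
    """Label each initial SYN by how the handshake that follows it ends."""
    results = []
    for i, syn in enumerate(pkts):
        if "S" not in syn["flags"] or syn["ack"]:
            continue  # only a SYN without ACK starts an attempt
        verdict = "no-reply"
        for q in pkts[i + 1:]:
            fwd = (q["src"], q["dst"]) == (syn["src"], syn["dst"])
            rev = (q["src"], q["dst"]) == (syn["dst"], syn["src"])
            if fwd and "S" in q["flags"] and not q["ack"]:
                break  # the client retried; that SYN is judged separately
            if rev and verdict == "no-reply":
                # The first reply decides: SYN+ACK is normal, an ACK without SYN is not
                verdict = "syn-ack" if "S" in q["flags"] else "bare-ack" if q["ack"] else "other"
            elif fwd and verdict == "bare-ack" and "R" in q["flags"]:
                verdict = "bare-ack-then-rst"
            elif fwd and verdict == "syn-ack" and q["ack"]:
                verdict = "established"
            if verdict in ("bare-ack-then-rst", "established"):
                break
        results.append((syn["time"], syn["src"][1], verdict))
    return results
```

Calling `classify_handshakes(parse(SAMPLE))` returns one tuple per connection attempt: start time, client source port and verdict.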