[syslog-ng] Trouble with switches and syslog-ng

[Balazs Scheidler]

On Wed, 2007-04-04 at 11:01 -0400, Jean-Michel Philippon-Nadeau wrote:
> Good day everyone,
> 
> 	We use syslog-ng to store and organize the logs of our machines 
> (~3900). For every host we have, syslog-ng creates a folder with the 
> hostname or the ip address (if it couldn't determine the hostname) of 
> the machine and then stores the logs.
> 
> 	We also have 5 switches that can report logs with standard syslog 
> capabilities (udp on port 514). The problem is that syslog-ng doesn't 
> create the folder for these switches and doesn't store their logs. I 
> made sure there was no network problems by using tcpdump - the packets 
> correctly made it to the central syslog-ng host. Yes, of course, I made 
> sure udp(); was in my source declaration.
> 
> 	Does anyone know how I can make sure syslog-ng receives the logs?

the message sent by the switch might not be in a format that syslog-ng
accepts and this way the message gets to the wrong destination.

can you paste a single log message as received by the syslog-ng host?
ie. a message you captured using tcpdump.

btw: you also made sure that no packet filtering is involved, right?

-- 
Bazsi