[syslog-ng] Client forwarding to server

Evan Rempel erempel at uvic.ca
Thu Aug 30 07:47:16 CEST 2007 

Could also be tcp wrappers if the destination host is a syslog-ng server.

I got "hit" by this as the build changed somewhere around 2.0.3 to default to
using tcpwrappers, or perhaps that is when that feature was added.
I upgraded my central server, and lost all logging :-(

Anyhow, it was easy to configure the /etc/hosts.allow file.

Evan.

mailing list wrote:
> My syslog-ng is now running.  However, I cannot get the client to forward its
> messages to the server.  To be certain, I have disabled my firewall, on both
> the client and server side, but still get the below errors in
> /var/adm/messages.  The client is logging normally in /var/adm/messages.
> 
> Aug 29 14:54:33 client1 syslog-ng[18639]: Connection failed; error='Connection
> refused (146)', time_reopen='10'
> Aug 29 14:54:43 client1 syslog-ng[18639]: Connection failed; error='Connection
> refused (146)', time_reopen='10'
> Aug 29 14:54:53 client1 syslog-ng[18639]: Connection failed; error='Connection
> refused (146)', time_reopen='10'
> Aug 29 14:54:59 client1 syslog-ng[18639]: Log statistics;
> dropped='tcp(AF_INET(w.x.y.z:5140))=0', processed='center(queued)=8844',
> processed='center(received)=4424', processed='destination(messages)=4420',
> processed='destination(loghost)=4420', processed='destination(syslog)=4',
> processed='source(src)=4424'
> Aug 29 14:55:03 client1 syslog-ng[18639]: Connection failed; error='Connection
> refused (146)', time_reopen='10'
> 
> I have "destination loghost { tcp("w.x.y.z"  port(5140)); };" in my
> syslog-ng.conf on the client1.  Here's my complete syslog-ng.conf file on the
> client1 side.
> 
> options {
>         long_hostnames(off);
>         log_msg_size(8192);
>         sync(1);
>         log_fifo_size(2048);
>         bad_hostname("^(ctld.|cmd|tmd|last)$");
>         time_reopen(10);
> };
> 
> source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
> 
> destination syslog { file("/var/log/syslog"); };
> destination messages { file("/var/adm/messages"); };
> destination loghost { tcp("w.x.y.z" port(5140)); };
> 
> filter f_mail { facility(mail); };
> filter f_not_mail { not facility(mail); };
> 
> log { source(src); filter(f_mail); destination(syslog); };
> log { source(src); filter(f_not_mail); destination(messages); };
> 
> 
> Any help/pointer is greatly appreciated.  Thank you.
> 
> 
> 
>        
> ____________________________________________________________________________________
> Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
> http://smallbusiness.yahoo.com/webhosting 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>

More information about the syslog-ng mailing list