[syslog-ng] Client forwarding to server

Geller, Sandor (IT) Sandor.Geller at morganstanley.com
Thu Aug 30 09:52:12 CEST 2007


Hello,

> My syslog-ng is now running.  However, I cannot get the client to forward its
> messages to the server.  To be certain, I have disabled my firewall, on both
> the client and server side, but still get the below errors in
> /var/adm/messages.  The client is logging normally in /var/adm/messages.
> 
> Aug 29 14:54:33 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10'
> Aug 29 14:54:43 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10'
> Aug 29 14:54:53 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10'
> Aug 29 14:54:59 client1 syslog-ng[18639]: Log statistics;
> dropped='tcp(AF_INET(w.x.y.z:5140))=0', processed='center(queued)=8844',
> processed='center(received)=4424', processed='destination(messages)=4420',
> processed='destination(loghost)=4420', processed='destination(syslog)=4',
> processed='source(src)=4424'

This message shows your syslog-ng received 4424 messages: 4 out
of 4424 were logged to /var/log/syslog, 4420 were sent to
/var/adm/messages and (I think the same) 4420 were sent to the
loghost destination.

> Aug 29 14:55:03 client1 syslog-ng[18639]: Connection failed; error='Connection refused (146)', time_reopen='10'

You should look into why the peer is refusing the connections.
You've got a few hints already from other list members.

> I have "destination loghost { tcp("w.x.y.z"  port(5140)); };" in my
> syslog-ng.conf on the client1.  Here's my complete syslog-ng.conf file on the
> client1 side.
> 
> options {
>         long_hostnames(off);
>         log_msg_size(8192);
>         sync(1);
>         log_fifo_size(2048);
>         bad_hostname("^(ctld.|cmd|tmd|last)$");
>         time_reopen(10);
> };
> 
> source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
> 
> destination syslog { file("/var/log/syslog"); };
> destination messages { file("/var/adm/messages"); };
> destination loghost { tcp("w.x.y.z" port(5140)); };
> 
> filter f_mail { facility(mail); };
> filter f_not_mail { not facility(mail); };
> 
> log { source(src); filter(f_mail); destination(syslog); };
> log { source(src); filter(f_not_mail); destination(messages); };
> 
> 
> Any help/pointer is greatly appreciated.  Thank you.

There is no indication why syslog-ng should send messages to
the loghost destination. Something tells me this is NOT the
actual syslog-ng.conf that your syslog-ng is using.

Regards,

Sandor
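
The cross-check made in the reply above, as an added example that is not part of the original message: it compares the destination counters in the quoted "Log statistics" line with the log paths in the quoted syslog-ng.conf. The function names are hypothetical, and the regex parsing assumes flat log statements without nested braces.

```python
import re

# Statistics line and configuration as quoted in the thread (wrapping rejoined).
STATS = ("Aug 29 14:54:59 client1 syslog-ng[18639]: Log statistics; "
         "dropped='tcp(AF_INET(w.x.y.z:5140))=0', "
         "processed='center(queued)=8844', "
         "processed='center(received)=4424', "
         "processed='destination(messages)=4420', "
         "processed='destination(loghost)=4420', "
         "processed='destination(syslog)=4', "
         "processed='source(src)=4424'")

CONFIG = '''
source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
destination syslog { file("/var/log/syslog"); };
destination messages { file("/var/adm/messages"); };
destination loghost { tcp("w.x.y.z" port(5140)); };
filter f_mail { facility(mail); };
filter f_not_mail { not facility(mail); };
log { source(src); filter(f_mail); destination(syslog); };
log { source(src); filter(f_not_mail); destination(messages); };
'''

def destination_counters(stats_line):
    """Map destination name -> processed count from a 'Log statistics' message."""
    pairs = re.findall(r"processed='destination\(([^)]+)\)=(\d+)'", stats_line)
    return {name: int(count) for name, count in pairs}

def config_destinations(config_text):
    """Return (defined, referenced) destination names found in a config text."""
    defined = set(re.findall(r"^\s*destination\s+([\w.-]+)\s*\{", config_text, re.M))
    referenced = set()
    # Assumption: log statements are flat, so the first "};" ends the statement.
    for body in re.findall(r"^\s*log\s*\{(.*?)\}\s*;", config_text, re.M | re.S):
        referenced.update(re.findall(r"destination\(\s*([\w.-]+)\s*\)", body))
    return defined, referenced

def config_mismatch(stats_line, config_text):
    """Destinations the daemon counted traffic for that no log path in the file feeds."""
    _, referenced = config_destinations(config_text)
    counters = destination_counters(stats_line)
    return sorted(n for n, count in counters.items() if count > 0 and n not in referenced)

if __name__ == "__main__":
    for name in config_mismatch(STATS, CONFIG):
        print(f"destination({name}) processed messages but has no log path in this file")
```

A non-empty result means the running daemon was started from a different configuration than the file being inspected.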