[syslog-ng] SYSLOG RELAY CONF FILE

[anthony lineham]

TCP dump only tells you that the message arrived at your device but it
doesn't tell
you if syslog-ng actually received the message. 

In addition to netstat you could also set up a temporary file
destination to confirm
that syslog-ng is getting the messages.

Anthony
 
>>> Ronald Jones <RonaldJones at dtcc.com> 07/06/07 7:25 AM >>> 
The syslog- ng server receives the messages. The issue is the
forwarding of 
the messages to a destination that is not working. 

#sample syslog- ng.conf for a remote client
source src
        {
                udp (ip(0.0.0.0) port (514));
                tcp (ip(0.0.0.0) port (514));

        };

destination loghos
           {
                                        udp ("172.22.134.58"
port(514));
                                        udp ("172.22.134.55"
port(514));

                };

log             {
                        source (src); destination (loghos);
                };





"Geller, Sandor (IT)" <Sandor.Geller at morganstanley.com> 
Sent by: syslog- ng- bounces at lists.balabit.hu
07/05/2007 11:02 AM
Please respond to
Syslog- ng users' and developers' mailing list <syslog-
ng at lists.balabit.hu>


To
"Syslog- ng users' and developers' mailing list" 
<syslog- ng at lists.balabit.hu>
cc

Subject
RE: [syslog- ng] SYSLOG RELAY CONF FILE






Hello,

> Hi, 
>         I would like to use SYSLOG- NG to relay syslog 
> messages received to multiple destinations.  Through TCPDUMP 
> I can tell I receive the messages but they aren't not being 
> sent to the destionations. Any help will be greatly 
> aprreciated of course... 

First check using netstat or lsof whether syslog- ng was able to
bind to port 514 or not, and if yes then I propose using truss/
strace to check whether syslog- ng receives the packets.

Regards,

Sandor
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender

does not intend to waive confidentiality or privilege. Use of this
email 
is prohibited when received in error.
_______________________________________________
syslog- ng maillist  -   syslog- ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog- ng
Frequently asked questions at http://www.campin.net/syslog-
ng/faq.html




________________________________________________________

DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses.  The company
accepts no liability for any damage caused by any virus transmitted
by this email.