[syslog-ng] ICMP port unreachable sent to one of logging hosts

[Karel Hendrych]

Hi,
  I'm experiencing strange issue with syslog-ng 2.0.5 build on a CentOS4
machine. One of a logging hosts receives after syslog message a ICMP
port unreachable message sent from machine running syslog-ng. Other
hosts logging is working fine. The only difference between logging hosts
and this single not logging host is a little bit faster logging rate.
Aprox. 10 log records/s. Debug option did not show something interesting
why the syslog's are not being accepted. There is no firewall/filtering
on the log server. Here is my simple config:

options {
        use_fqdn(no);
        use_dns(persist_only);
        dns_cache_hosts(/etc/hosts);
        keep_hostname(yes);
        long_hostnames(off);
        sync(1);
        log_fifo_size(1024);
        perm(0640);
};

source src {
        udp(ip("0.0.0.0") port(514) so_rcvbuf(4194304) );
        tcp(ip("0.0.0.0") port(514));
};

source self {
        internal();
};

destination central {file("/var/log/central/$HOST_FROM.log"); };
destination self {file("/var/log/central/syslog-ng.log"); };

log { source(src); destination(central); };
log { source(self); destination(self); };




netstat -su output:
20578970 packets to unknown port received.
464 packet receive errors
190828 packets sent


Does anyone have some idea how to deal with it?

--
Karel