[syslog-ng] Syslog-ng via TCP socket
Balazs Scheidler
bazsi at balabit.hu
Fri Feb 8 10:04:56 CET 2008
On Thu, 2008-02-07 at 16:47 -0500, Lathrop_Steve at emc.com wrote:
> I don't see a similar issue in the archives and I went back to August
> 2006...
>
> I am trying to send a message following RFC3164 to a syslog-ng daemon
> reading from port 601 on a SLES-10 Linux machine. The format of the
> message is:
>
> <64>Feb 7 16:42:03 c4dev-lathrs1 TAG: smlSocket Test TCP syslog buffer
> msg
>
> The reason for me to send the message is to understand whether the
> message was delivered (not necessarily written to disk).
>
> When I send the message to a UDP port (514) on the machine, I can see
> the message just fine.
>
> When I send the exact same message to the TCP port, I see the receipt
> processing (via strace), but nothing shows up in the /var/log/messages
> file.
>
> The version of syslog-ng is 1.6.8 according to what is in
> /var/log/messages
>
> Any suggestions?
>
> The /etc/services file references 601 as being syslog-conn for both tcp
> and udp
>
> syslog-conn 601/tcp # Reliable Syslog Service
> syslog-conn 601/udp # Reliable Syslog Service
>
> The remote config file is:
On the TCP transport you need to terminate the line via either NL or NUL
character, otherwise syslog-ng will start waiting for the end-of-line.
--
Bazsi
More information about the syslog-ng
mailing list