[syslog-ng] UDP Works, TCP Does Not

Baxter, Scott Scott.Baxter at schwab.com
Mon Jan 7 16:09:13 CET 2008


IP filtering is no issue as it's not running on these 2 nodes.  UDP is
working but TCP is not.  Keep in mind that this is brand new to me...

This is Solaris 10 to Solaris 10.  Here is my short and simple config:

options {
use_fqdn(no);
use_dns(no);
log_fifo_size(4096);
log_msg_size(8192);
sync(0);
time_reopen(10);
stats(3600); };

source logs {
internal();
sun-streams("/dev/log");
udp();
tcp(max_connections(100) keep-alive(yes)); };

# Log files to log to send remotely...
source auth { file("/var/log/auth"); };
source cron { file("/var/log/cron"); };
source mail { file("/var/log/mail"); };

# My loghost and its destination...
destination loghost { tcp("10.104.100.223" port (514)); };

# What we are sending off...
log { source(logs); destination(loghost); };
log { source(auth); destination(loghost); };
log { source(cron); destination(loghost); };
log { source(mail); destination(loghost); }; 

Any hints are appreciated.

Scott

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of
Valdis.Kletnieks at vt.edu
Sent: Friday, January 04, 2008 11:37 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] UDP Works, TCP Does Not

On Fri, 04 Jan 2008 15:26:59 MST, "Baxter, Scott" said:

> All, I am new to syslog-ng and want to use it for tcp remote logging, 
> (without ssh at this time).  I am testing from a Solaris 10 box, 
> sending logging files to another Solaris 10 box.  It sends them via 
> udp just fine.  But when I change that to TCP, no logging.  Not 
> finding much on the internet around this subject.  If anybody has any 
> info regarding this,  please send my way.

First guess? You need to look around in /etc/ipf and make sure that
ipfilters has been told to allow TCP connections in/out on the port
you're using for that (note that although by default syslog is 514/UDP,
you may need/want to pick an alternate port because historically 514/TCP
was 'rshell').
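
An added example, not part of the original thread: a small Python check that separates the cases raised above (filtering on the path, nothing listening on the port, or a reachable listener) before changing any syslog-ng configuration. The default host and port are the ones in the posted config; the function names, the hint texts and the test line are assumptions made for illustration.

```python
import socket
import sys

# What each outcome suggests for the "UDP works, TCP does not" symptom.
HINTS = {
    "open": "listener reachable; look at the sender's destination or the receiver's log path",
    "refused": "host answers but nothing accepts on this port; check the receiver's tcp() source and port",
    "filtered": "no answer before the timeout; check ipf rules or other filtering on the path",
    "other": "connect failed for another reason (routing, name resolution); fix that first",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the result as a HINTS key."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "other"

def send_test_message(host, port, text, timeout=3.0):
    """Send one newline-terminated BSD-syslog line over TCP; return the bytes sent."""
    # PRI 14 = facility user (1) * 8 + severity info (6)
    line = f"<14>{text}\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(line)
    return line

if __name__ == "__main__":
    # Defaults are the loghost address and port from the config in the post.
    host = sys.argv[1] if len(sys.argv) > 1 else "10.104.100.223"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    result = probe_tcp(host, port)
    print(f"{host}:{port}/tcp -> {result}: {HINTS[result]}")
    if result == "open":
        send_test_message(host, port, "syslog-ng-probe: tcp test line")
        print("test line sent; look for it in the receiver's log destination")
```

Run it from the sending node; a "refused" result can also come from a filter that rejects with a reset rather than dropping the packet.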

