[syslog-ng] udp 514 collision?
Richard Morgan
richard at northerncrown.com
Thu Jan 24 23:53:07 CET 2008
Hi all-
We're running syslog-ng in relay mode on a server which collects the udp
syslogs from generic syslogd on a number of Linux and Solaris hosts in a
single location.
All the hosts around the collector are able to send logs to the
collector, via 514/udp, and the logs are relayed on to our master server
successfully.
The problem comes on the relay host itself. We want to run syslog-ng as
independently as possible and not have it replace the local syslogd. So,
the local syslogd should send its logs via 514/udp to the syslog-ng
instance.
On RHEL4, it seems that the generic syslogd is showing as bound to
514/udp and any messages that the local syslogd would send on to syslog-ng are
lost.
Remember, this is all happening on the same host. Any syslog messages
from other hosts arrive at the syslog-ng relay and are swiftly relayed on to
the master server.
# netstat -an | grep 514
tcp 0 0 149.174.133.19:514 0.0.0.0:* LISTEN
tcp 0 0 149.174.133.19:9605 IP.FOR.SYSLOG-NG.MASTER:9514 ESTABLISHED
(I think this piece is the problem:)
udp 0 0 0.0.0.0:514 0.0.0.0:*
udp 0 0 149.174.133.19:514 0.0.0.0:*
syslog-ng Config bits:
------------------------------------------------------
source s_remote {
    tcp(localip(149.174.133.19) port(514));
    udp(localip(149.174.133.19) port(514));
};
destination d_relay {
    tcp("IP.FOR.SYSLOG-NG.MASTER" port(9514));
};
log { source(s_remote); destination(d_relay); };
-------------------------------------------------------
Any ideas?
Richard
--------------------------------------------------------
Richard R. Morgan | richard at northerncrown.com
--------------------------------------------------------
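
Added example, not part of the original post: a small Python probe that reproduces the two UDP listeners in the netstat output above (one on the wildcard address, one on a specific address, same port) and reports which socket a datagram is delivered to. Assumptions: Linux, loopback addresses standing in for 149.174.133.19, a kernel-assigned unprivileged port standing in for 514, and both listeners setting SO_REUSEADDR; the function names are made up for this example.

```python
import select
import socket


def bind_udp(addr, port):
    """Bind a UDP socket with SO_REUSEADDR so a second listener can share the port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((addr, port))
    return s


def who_receives(dest_ip, specific_ip="127.0.0.1", timeout=1.0):
    """Send one datagram to dest_ip and report which listener got it.

    'wildcard' plays the role of the 0.0.0.0:514 socket,
    'specific' the role of the socket bound with localip().
    """
    wild = bind_udp("0.0.0.0", 0)          # kernel picks a free port
    port = wild.getsockname()[1]
    spec = bind_udp(specific_ip, port)     # same port, specific local address
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Constructed syslog-style test message (priority 13 = user.notice).
        sender.sendto(b"<13>probe: constructed test message", (dest_ip, port))
        ready, _, _ = select.select([wild, spec], [], [], timeout)
        if not ready:
            return "lost"
        names = {wild: "wildcard", spec: "specific"}
        return "+".join(sorted(names[s] for s in ready))
    finally:
        for s in (wild, spec, sender):
            s.close()


if __name__ == "__main__":
    # Datagram addressed to the specifically bound address.
    print("to 127.0.0.1:", who_receives("127.0.0.1"))
    # Datagram addressed to a different local address on the same host.
    print("to 127.0.0.2:", who_receives("127.0.0.2"))
```

On a real relay, the same check can be made by pointing dest_ip and specific_ip at the address given in localip() and sending from the host itself.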