[syslog-ng] port 514 not used

Matt Pinkham westphalia at gmail.com
Sat Aug 15 18:36:41 CEST 2009 

What is all this junk (msftedit and \par)?  Did you copy this file off and
edit it on a windows machine?  Can you find an the original syslog-ng.conf
that was shipped with the machine and edit that with 'vi' or something?   Is
syslog-ng even running?  It probably barfed on this config.. grep for
syslog-ng in your /var/log/messages and send the last few lines.

{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 #\par
# /etc/syslog-ng/syslog-ng.conf\par
#\par
# Automatically generated by SuSEconfig on Sat Aug 15 12:16:03 EDT 2009.\par
#\par
# PLEASE DO NOT EDIT THIS FILE!\par
#\par
# you can modify /etc/syslog-ng/syslog-ng.conf.in instead\par
#\par
#\par
#\par
# File format description can be found in syslog-ng.conf(5)\par
# and /usr/share/doc/packages/syslog-ng/syslog-ng.txt.\par
#\par
\par
#\par
# Global options.\par
#\par
options \{ long_hostnames(off); sync(0); perm(0640); stats(3600); \};\par
\par
#\par
# 'src' is our main source definition. you can add\par
# more sources driver definitions to it, or define\par
# your own sources, i.e.:\par
#\par
#source my_src \{ .... \};\par
#\par
source src \{\par
        #\par
        # include internal syslog-ng messages\par
        # note: the internal() soure is required!\par
        #\par
        internal();\par


On Sat, Aug 15, 2009 at 12:19 PM, <stephen.greenfield at wachovia.com> wrote:

>
> I should have sent more detail originally.
>
>         system:                        SLES10 PatchLevel 1
>
>         release:                syslog-ng-1.6.8-20.18
>
>         server function:                syslog server, collecting syslog's
> from various clients
>
>         problem:                want to open port 514 to collect syslog
> info over network
>
>         description:                without changing the default
> syslog-ng.conf, the server
>                                 collects local syslog information, I
> uncomment the udp
>                                 source entry and restart the daemon.  The
> syslog-ng
>                                 then shows listening on various ports,
> never constant
>                                 and never port 514.
>
>
>
> # netstat -anp | grep LISTEN | grep 53
> unix  2      [ ACC ]     STREAM     LISTENING     5364   2161/acpid
>  /var/run/acpid.socket
> unix  2      [ ACC ]     STREAM     LISTENING     5307   2134/resmgrd
>  /var/run/.resmgr_socket
>
>
>
> syslog-ng-bounces at lists.balabit.hu wrote on 08/15/2009 11:09:23 AM:
>
> > Post your config.  Also, try 'netstat -anp |
> > grep LISTEN | grep 53' and post that (so there
> > is no services resolving issue).
> >
> > -Matt
>
> > On Sat, Aug 15, 2009 at 10:27 AM, <stephen.
> > greenfield at wachovia.com> wrote:
> >
> > I configure syslog-ng to use udp port 514, on
> > the syslog server receiving log messages.  When
> > I issue a `netstat -lp | grep syslog` it shows
> > different ports but never 514.  Any ideas why?
> >
> > /steve
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>


-- 
Some men see things as they are and ask why. I see things that never were
and ask for initiative rolls.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090815/a7bacad6/attachment-0001.htm

More information about the syslog-ng mailing list