[syslog-ng] More Solaris 10 Woes - tcp/udp issues

Chuck chuck.carson at gmail.com
Wed Jul 21 22:48:02 CEST 2010


I can't get syslog-ng to listen on port 514 using the tcp or udp sources.
First, I have defined entries in /etc/services as follows:
syslog-ng-udp   514/udp         syslog
syslog-ng-tcp   514/tcp         syslog


I have of course disabled the default system-log service.

The following two I can't get to work/listen: (Verifying this with netstat -a)
source s_udp           { udp(port(514)); };
source s_tcp           { tcp(port(514)); };

I can get it to listen with the following:
source s_syslog                { syslog( transport("udp") port(514) ); };
OR
source s_syslog                { syslog( transport("tcp") port(514) ); };

# netstat -a
UDP: IPv4
   Local Address        Remote Address      State
-------------------- -------------------- ----------
      *.syslog-ng-udp                      Idle

However, syslog-ng doesn't seem to be doing anything with this. I can see
the syslog message when snooping the interface on my syslog-ng server:
root@log01:~# snoop -d nge0 udp port 514
Using device nge0 (promiscuous mode)
  ds01 -> log01  SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:22:08
  ds01 -> log01  SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:11
  ds01 -> log01  SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:17

Here is the catch all log statement I am using:
destination r_messages { file ("/var/adm/messages_test"); };
log { source (s_syslog);                destination (r_messages); };

Anyone have any ideas?

Thx,
CC