[syslog-ng] More Solaris 10 Woes - tcp/udp issues
Patrick H.
syslogng at feystorm.net
Wed Jul 21 23:18:11 CEST 2010
With the first one (the s_tcp/s_udp), try putting an explicit IP
address, just for gits and shiggles.
As for the second one, that expects the incoming data to be in the new
IETF syslog format, so if it's not, it puts the entire message into the
message body with default headers (forget what the default is though).
So you won't see these messages if that default facility/level doesn't go
anywhere. You can either use the 'syslog-protocol' flag for the sending
side on the tcp()/udp() destination, or use the syslog() destination driver.
Sent: Wednesday, July 21, 2010 2:48:02 PM
From: Chuck <chuck.carson at gmail.com>
To: Syslog-ng users' and developers' mailing list
<syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] More Solaris 10 Woes - tcp/udp issues
>
> I can't get syslog-ng to listen on port 514 using the tcp or udp
> sources. First, I have defined entries in /etc/services as follows:
> syslog-ng-udp 514/udp syslog
> syslog-ng-tcp 514/tcp syslog
>
>
> I have of course disabled the default system-log service.
>
> The following two I can't get to work/listen: (Verifying this with
> netstat -a)
> source s_udp { udp(port(514)); };
> source s_tcp { tcp(port(514)); };
>
> I can get it to listen with the following:
> source s_syslog { syslog( transport("udp") port(514) ); };
> OR
> source s_syslog { syslog( transport("tcp") port(514) ); };
>
> # netstat -a
> UDP: IPv4
> Local Address Remote Address State
> -------------------- -------------------- ----------
> *.syslog-ng-udp Idle
>
> However, syslog-ng doesn't seem to be doing anything with this. I can
> see the syslog message when snooping the interface on my syslog-ng server:
> root@log01:~# snoop -d nge0 udp port 514
> Using device nge0 (promiscuous mode)
> ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:22:08
> ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:11
> ds01 -> log01 SYSLOG C port=32947 daemon.crit: <26>Jul 21 13:23:17
>
> Here is the catch all log statement I am using:
> destination r_messages { file ("/var/adm/messages_test"); };
> log { source (s_syslog); destination (r_messages); };
>
> Anyone have any ideas?
>
> Thx,
> CC
>
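The format mismatch described in the reply can be checked on a captured datagram before changing any configuration. The following is an added example, not code from the thread or from the syslog-ng project: a heuristic that classifies a payload as IETF (RFC 5424) or legacy BSD (RFC 3164) from its header shape and decodes the PRI value. Everything in the sample payloads after the `<26>Jul 21 13:22:08` prefix seen in the snoop output is constructed.

```python
import re

# RFC 5424 header begins "<PRI>VERSION SP TIMESTAMP"; the legacy BSD
# (RFC 3164) header begins "<PRI>Mmm dd hh:mm:ss".
PRI_RE = re.compile(r"^<(\d{1,3})>")
IETF_RE = re.compile(r"^<\d{1,3}>[1-9]\d{0,2} (?:-|\d{4}-\d{2}-\d{2}T\S+) ")
BSD_RE = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]


def classify(datagram: bytes) -> dict:
    """Return the header format and decoded PRI of one syslog datagram."""
    text = datagram.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    # PRI = facility * 8 + severity, so valid values are 0..191.
    if not m or int(m.group(1)) > 191:
        return {"format": "unparseable", "facility": None, "severity": None}
    pri = int(m.group(1))
    if IETF_RE.match(text):
        fmt = "ietf-rfc5424"
    elif BSD_RE.match(text):
        fmt = "bsd-rfc3164"
    else:
        fmt = "unknown"
    return {"format": fmt,
            "facility": FACILITIES[pri >> 3],
            "severity": SEVERITIES[pri & 7]}


# Constructed samples: only the "<26>Jul 21 13:22:08" prefix is from the thread.
LEGACY = b"<26>Jul 21 13:22:08 ds01 testd[101]: constructed test message"
IETF = b"<26>1 2010-07-21T13:22:08Z ds01 testd 101 - - constructed test message"

if __name__ == "__main__":
    for name, payload in (("legacy", LEGACY), ("ietf", IETF)):
        print(name, classify(payload))
```

A payload classified as `bsd-rfc3164` arriving at a syslog() source is the case the reply describes; the decoded `daemon`/`crit` pair matches the `daemon.crit` label snoop printed for PRI 26.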