[syslog-ng] Syslog-ng not receiving messages

keshava Veerabhadraiah mv.keshava at gmail.com
Wed Nov 17 22:44:21 CET 2010


Hi
I am new to syslog-ng and I have gone through other posts to see if I can
get a resolution to my problem.
Syslog is not writing to the destination file any messages received on udp()
or tcp().
I have made sure that the syslog server is receiving the syslog messages, as seen
from the tcpdump:


15:09:55.422423 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.warning, length: 153
15:09:55.434638 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 184
15:09:55.470383 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 176
15:09:55.473519 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 190
15:09:55.493361 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 180
15:09:55.493748 IP aspsyslog.sungardebs.com.ssh > nim.sungardebs.com.42703: P 128608:129696(1088) ack 289 win 461 <nop,nop,timestamp 88706531 1310848493>
15:09:55.495519 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188
15:09:55.495548 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 90
15:09:55.495556 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 85
15:09:55.521115 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 87
15:09:55.521188 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188
15:09:55.522041 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 175
15:09:55.522212 IP 10.140.141.7.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 164



Here is how my syslog-ng config looks.

@version: 3.0
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#

options {
    chain_hostnames(no);
    create_dirs (no);
    dir_perm(0755);
    dns_cache(no);
    keep_hostname(yes);
    log_fifo_size(2048);
    log_msg_size(1024);
    log_iw_size (500);
    long_hostnames(on);
    perm(0644);
    stats_freq(3600);
    flush_lines(100);
    time_reopen (10);
    use_dns(no);
    use_fqdn(yes);
#    max_connections(100);

};

source s_all {
    udp(so_rcvbuf(2048576));
    tcp();
    unix-stream("/dev/log");
    internal();
    file("/proc/kmsg");
};

destination d_file_normal { file("/var/log/messages_syslog-ng.log"); };

log { source(s_all); destination(d_file_normal); };


Any help would be greatly appreciated.

Thanks