[syslog-ng] Syslog-ng not receiving messages
Patrick H.
syslogng at feystorm.net
Thu Nov 18 00:42:41 CET 2010
do you have any iptables rules? `iptables -nvL` `iptables -nvL -t nat`
`iptables -nvL -t mangle`
About the only thing I can think of off the top of my head. There might
be some sysctl option to disable UDP, but I dont know it if it does exist.
Sent: Wed Nov 17 2010 16:39:57 GMT-0700 (Mountain Standard Time)
From: keshava V <mv.keshava at gmail.com>
To: Syslog-ng users' and developers' mailing list
<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Syslog-ng not receiving messages
> Looks like it is getting blocked somewhere as you thought. How come
> tcpdump output is seeing all the udp syslog-ng messages?
>
> [root at aspsyslog ~]# /etc/init.d/syslog-ng start
> Starting syslog-ng: [ OK ]
> [root at aspsyslog ~]# /etc/init.d/syslog-ng stop
> Stopping syslog-ng: [ OK ]
> [root at aspsyslog ~]# nc -u -l 514
>
> getting nothing...!
>
>
>
> On Wed, Nov 17, 2010 at 5:34 PM, Patrick H. <syslogng at feystorm.net
> <mailto:syslogng at feystorm.net>> wrote:
>
> Ok, lets see if the problem is before it gets to syslog-ng or
> after. Shut syslog-ng down and do 'nc -u -l 514' and see if it
> gets anything. That'll dump out all traffic received. If it gets
> it, the problem is syslog-ng, if it doesnt get it the traffic is
> getting blocked somehow.
>
> Sent: Wed Nov 17 2010 16:30:12 GMT-0700 (Mountain Standard Time)
>
> From: keshava V <mv.keshava at gmail.com> <mailto:mv.keshava at gmail.com>
> To: Syslog-ng users' and developers' mailing list
> <syslog-ng at lists.balabit.hu> <mailto:syslog-ng at lists.balabit.hu>
> Subject: Re: [syslog-ng] Syslog-ng not receiving messages
>> syslog-ng is using 514 as expected.
>>
>> [root at aspsyslog ~]# netstat -upnl | grep ":514"
>> udp 0 0 0.0.0.0:514
>> <http://0.0.0.0:514>
>> 0.0.0.0:* 8789/syslog-ng
>>
>> Thanks
>>
>>
>> On Wed, Nov 17, 2010 at 5:27 PM, Patrick H.
>> <syslogng at feystorm.net <mailto:syslogng at feystorm.net>> wrote:
>>
>> There isnt something already listening on udp 514 is there?
>> netstat -upnl | grep ":514"
>>
>> Sent: Wed Nov 17 2010 16:23:44 GMT-0700 (Mountain Standard Time)
>> From: keshava V <mv.keshava at gmail.com>
>> <mailto:mv.keshava at gmail.com>
>> To: Syslog-ng users' and developers' mailing list
>> <syslog-ng at lists.balabit.hu> <mailto:syslog-ng at lists.balabit.hu>
>> Subject: Re: [syslog-ng] Syslog-ng not receiving messages
>>> Further,
>>>
>>> I have tried setting the kernel parameters without any luck
>>>
>>> [root at aspsyslog ~]# sysctl -w net.core.rmem_max=8388608
>>> [root at aspsyslog ~]# sysctl -w net.core.rmem_default=1048576
>>>
>> [SNIP]
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>>
>> ------------------------------------------------------------------------
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>
> ------------------------------------------------------------------------
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101117/a62b2a11/attachment.htm
More information about the syslog-ng
mailing list