[syslog-ng] Syslog-ng not receiving messages
keshava V
mv.keshava at gmail.com
Thu Nov 18 00:47:09 CET 2010
That's it. It is iptables. The moment I stopped iptables I see the syslog
messages written to the file. Now I can work on segregating them based on
host IP the messages are coming from.
Thanks all for your help with this.
On Wed, Nov 17, 2010 at 5:42 PM, Patrick H. <syslogng at feystorm.net> wrote:
> do you have any iptables rules? `iptables -nvL` `iptables -nvL -t nat`
> `iptables -nvL -t mangle`
> About the only thing I can think of off the top of my head. There might be
> some sysctl option to disable UDP, but I don't know if it does exist.
>
> Sent: Wed Nov 17 2010 16:39:57 GMT-0700 (Mountain Standard Time)
>
> From: keshava V <mv.keshava at gmail.com>
> To: Syslog-ng users' and developers' mailing list
> <syslog-ng at lists.balabit.hu>
> Subject: Re: [syslog-ng] Syslog-ng not receiving messages
>
> Looks like it is getting blocked somewhere as you thought. How come tcpdump
> output is seeing all the udp syslog-ng messages?
>
> [root at aspsyslog ~]# /etc/init.d/syslog-ng start
> Starting syslog-ng: [ OK ]
> [root at aspsyslog ~]# /etc/init.d/syslog-ng stop
> Stopping syslog-ng: [ OK ]
> [root at aspsyslog ~]# nc -u -l 514
>
> getting nothing...!
>
>
>
> On Wed, Nov 17, 2010 at 5:34 PM, Patrick H. <syslogng at feystorm.net> wrote:
>
>> Ok, let's see if the problem is before it gets to syslog-ng or after. Shut
>> syslog-ng down and do 'nc -u -l 514' and see if it gets anything. That'll
>> dump out all traffic received. If it gets it, the problem is syslog-ng, if
>> it doesn't get it the traffic is getting blocked somehow.
>>
>> Sent: Wed Nov 17 2010 16:30:12 GMT-0700 (Mountain Standard Time)
>>
>> From: keshava V <mv.keshava at gmail.com>
>> To: Syslog-ng users' and developers' mailing list
>> <syslog-ng at lists.balabit.hu>
>> Subject: Re: [syslog-ng] Syslog-ng not receiving messages
>>
>> syslog-ng is using 514 as expected.
>>
>> [root at aspsyslog ~]# netstat -upnl | grep ":514"
>> udp 0 0 0.0.0.0:514 0.0.0.0:* 8789/syslog-ng
>>
>> Thanks
>>
>>
>> On Wed, Nov 17, 2010 at 5:27 PM, Patrick H. <syslogng at feystorm.net> wrote:
>>
>>> There isn't something already listening on udp 514 is there?
>>> netstat -upnl | grep ":514"
>>>
>>> Sent: Wed Nov 17 2010 16:23:44 GMT-0700 (Mountain Standard Time)
>>> From: keshava V <mv.keshava at gmail.com>
>>> To: Syslog-ng users' and developers' mailing list
>>> <syslog-ng at lists.balabit.hu>
>>> Subject: Re: [syslog-ng] Syslog-ng not receiving messages
>>>
>>> Further,
>>>
>>> I have tried setting the kernel parameters without any luck
>>>
>>> [root at aspsyslog ~]# sysctl -w net.core.rmem_max=8388608
>>> [root at aspsyslog ~]# sysctl -w net.core.rmem_default=1048576
>>>
>>> [SNIP]
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
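Added example, not part of the original thread: tcpdump captures packets before netfilter filters them, which is why the UDP traffic was visible on the wire while `nc` and syslog-ng received nothing. Rather than leaving iptables stopped, the sketch below walks constructed `iptables -S INPUT` output with first-match-wins logic to show which rule decides the fate of UDP/514 and how a source-scoped allow rule changes it. The rule set, the `192.0.2.0/24` sender subnet and the function names are assumptions.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` output (common default-deny layout); not from the thread.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Assumed sender subnet (documentation range); scopes the allow rule to known log sources.
ALLOW_SYSLOG = "-A INPUT -s 192.0.2.0/24 -p udp -m udp --dport 514 -j ACCEPT"

def _matches(opts, proto, dport, src, iface):
    """True if a first (state NEW) inbound packet satisfies every supported match."""
    if "-p" in opts and opts["-p"] != proto:
        return False
    if "--dport" in opts:
        lo, _, hi = opts["--dport"].partition(":")
        if not int(lo) <= dport <= int(hi or lo):
            return False
    if "-s" in opts:
        net = ipaddress.ip_network(opts["-s"], strict=False)
        if ipaddress.ip_address(src) not in net:
            return False
    if "-i" in opts and opts["-i"] != iface:
        return False
    states = opts.get("--state") or opts.get("--ctstate")
    return not states or "NEW" in states.split(",")

def verdict(rules_text, proto, dport, src, iface="eth0"):
    """Return (target, deciding_rule) using first-match-wins over the INPUT chain.
    Simplification: every option takes one value; no '!' negation or user chains."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            opts = dict(zip(tok[2::2], tok[3::2]))
            if opts.get("-j") in ("ACCEPT", "DROP", "REJECT") and _matches(
                    opts, proto, dport, src, iface):
                return opts["-j"], line
    return policy, f"-P INPUT {policy}"

def with_allow_rule(rules_text, rule=ALLOW_SYSLOG):
    """Insert the allow rule ahead of the final catch-all REJECT."""
    return rules_text.replace("-A INPUT -j REJECT", rule + "\n-A INPUT -j REJECT", 1)
```

Feed it the real output of `iptables -S INPUT` to find the deciding rule on a live host; rules using negation or jumps to user-defined chains need the actual packet counters from `iptables -nvL` instead.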