[syslog-ng] client -> server logging.. filters?

Balazs Scheidler bazsi at balabit.hu
Fri Apr 8 20:52:17 CEST 2011


Hi,

On Fri, 2011-04-08 at 11:22 -0700, Matt Wise wrote:
> I'm doing some logging from clients -> servers via syslog-ng over a TCP session with stunnel. On my client, I'm seeing some log messages come in that are not making it to the server.. reliably. I don't have any filtering setup I don't think — is there some default setting somewhere that I don't know about that only passes certain types of messages to the remote dest? Do I need to specify somewhere 'send all'?

Can I ask why you are using stunnel instead of the built-in SSL support
in syslog-ng?

> 
> Whats quite strange is that I have the hosts logging to 2 systems right now.. old syslog-ng server, and new one. The old one is getting all  of the messages, but the new one is ignoring messages like these:
> 
> Apr  8 18:21:43 xxx stunnel: LOG5[5459:1079724352]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
> 
> It seems to get all other messages.. but messages that have that LOG5 or LOG3 or LOG7 appended to them seem to get lost in translation... any ideas?

this sounds like a strange bug to me, if it is indeed a bug. can you
check that:

1) the messages in question really reach syslog-ng (running syslog-ng in
foreground and in debug mode will tell you what it did receive)

2) if they do, then it's probably with the configuration

3) if they don't, then it's a client issue.

-- 
Bazsi



More information about the syslog-ng mailing list