[syslog-ng] client -> server logging.. filters?
Balazs Scheidler
bazsi at balabit.hu
Fri Apr 8 20:52:17 CEST 2011
Hi,
On Fri, 2011-04-08 at 11:22 -0700, Matt Wise wrote:
> I'm doing some logging from clients -> servers via syslog-ng over a TCP session with stunnel. On my client, I'm seeing some log messages come in that are not making it to the server.. reliably. I don't have any filtering setup I don't think — is there some default setting somewhere that I don't know about that only passes certain types of messages to the remote dest? Do I need to specify somewhere 'send all'?
Can I ask why you are using stunnel instead of the built-in SSL support
in syslog-ng?
>
> Whats quite strange is that I have the hosts logging to 2 systems right now.. old syslog-ng server, and new one. The old one is getting all of the messages, but the new one is ignoring messages like these:
>
> Apr 8 18:21:43 xxx stunnel: LOG5[5459:1079724352]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
>
> It seems to get all other messages.. but messages that have that LOG5 or LOG3 or LOG7 appended to them seem to get lost in translation... any ideas?
this sounds like a strange bug to me, if it is indeed a bug. can you
check that:
1) the messages in question really reach syslog-ng (running syslog-ng in
foreground and in debug mode will tell you what it did receive)
2) if they do, then it's probably with the configuration
3) if they don't, then it's a client issue.
--
Bazsi
More information about the syslog-ng
mailing list