[syslog-ng] Invalid frame header messages
Mr. Jan Walter
hopping_hol at yahoo.com
Wed Dec 7 17:26:06 CET 2011
Hi everyone,
I compiled version 3.3.3 and tried getting a client and server to talk based on the documentation on the balabit site, specifically the documentation for OSE version 3.3.
The server config file:
--
source remotelogs { syslog( port(2072) transport(tcp) ); } ;
destination r_log { file("/var/log/remotelogs/all"); };
log{ source(remotelogs); destination(r_log); } ;
--
And the client sending:
--
# remote logging test log
#
@version: 3.3
source s_kern { file("/proc/kmsg"); };
source s_local { unix-stream("/dev/log"); internal(); };
destination d_file {file("/var/log/messages"); };
destination d_secure { file("/var/log/secure");};
# set the filters
filter f_messages { not facility(auth, authpriv);};
filter f_authpriv { facility(auth, authpriv); };
destination loghost { tcp(10.195.105.214 port(2072) ); };
log { source(s_kern) ; source(s_local) ; filter(f_messages) ; destination(loghost) ; } ;
--
There are some other log directives there for local files, I'll post them if people want to see them
So when this runs, I get on the server:
Dec 7 11:18:05 xxxxxxxxxx syslog-ng[4188]: Syslog connection closed; fd='21', client='AF_INET(10.203.54.9:54837)', local='AF_INET(0.0.0.0:2072)'
And the client:
Dec 7 11:19:04 xxxxxxxxxxxx syslog-ng[1735]: Syslog connection established; fd='20', server='AF_INET(10.195.105.214:2072)', local='AF_INET(0.0.0.0:0)'
I read the email thread from 2009, and tried the vanilla configs - any ideas?
Thanks,
Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20111207/d7e5bab9/attachment.htm
More information about the syslog-ng
mailing list