[syslog-ng] Invalid frame header messages

Mr. Jan Walter hopping_hol at yahoo.com
Wed Dec 7 17:26:06 CET 2011


Hi everyone,

I compiled version 3.3.3 and tried getting a client and server to talk based on the documentation on the balabit site, specifically the documentation for OSE version 3.3.

The server config file:
--
source remotelogs { syslog( port(2072) transport(tcp) ); } ;

destination r_log { file("/var/log/remotelogs/all"); };

log{ source(remotelogs); destination(r_log); } ;
--
And the client sending:
--
# remote logging test log
#
@version: 3.3

source s_kern { file("/proc/kmsg"); };
source s_local { unix-stream("/dev/log"); internal(); };

destination d_file {file("/var/log/messages"); };
destination d_secure { file("/var/log/secure");};

# set the filters
filter f_messages { not facility(auth, authpriv);};
filter f_authpriv { facility(auth, authpriv); };

destination loghost {  tcp(10.195.105.214  port(2072) );  };
log { source(s_kern) ; source(s_local) ; filter(f_messages) ; destination(loghost) ; } ;
--

There are some other log directives there for local files; I'll post them if people want to see them.

So when this runs, I get on the server:
Dec  7 11:18:05 xxxxxxxxxx syslog-ng[4188]: Syslog connection closed; fd='21', client='AF_INET(10.203.54.9:54837)', local='AF_INET(0.0.0.0:2072)'

And the client:
Dec  7 11:19:04 xxxxxxxxxxxx syslog-ng[1735]: Syslog connection established; fd='20', server='AF_INET(10.195.105.214:2072)', local='AF_INET(0.0.0.0:0)'

I read the email thread from 2009, and tried the vanilla configs - any ideas?

Thanks,

Jan
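
Added example, not part of the original post and not syslog-ng's own code: the server's syslog() source with transport(tcp) reads octet-counted frames ("<length> <message>", RFC 6587), while the client's legacy tcp() destination sends newline-terminated messages. The simplified reader below shows why such a stream is rejected at the frame header; the function names, the header-length cap and the sample messages are constructed for illustration.

```python
# Simplified model of RFC 6587 octet-counting (illustrative, not syslog-ng code).
MAX_HEADER_DIGITS = 10  # assumption for this sketch: cap on the length prefix


class InvalidFrameHeader(ValueError):
    """The stream does not start with '<decimal length><space>'."""


def frame_octet_counted(msg: bytes) -> bytes:
    """What a framed sender puts on the wire: 'MSG-LEN SP SYSLOG-MSG'."""
    return str(len(msg)).encode() + b" " + msg


def frame_newline(msg: bytes) -> bytes:
    """What a legacy newline-delimited sender puts on the wire."""
    return msg + b"\n"


def read_octet_counted(stream: bytes) -> list:
    """Split a byte stream into messages, as a framed receiver would."""
    messages, pos = [], 0
    while pos < len(stream):
        # The length prefix must be decimal digits followed by one space.
        sp = stream.find(b" ", pos, pos + MAX_HEADER_DIGITS + 1)
        header = stream[pos:sp] if sp != -1 else stream[pos:pos + MAX_HEADER_DIGITS]
        if sp == -1 or not header.isdigit():
            raise InvalidFrameHeader(f"bad frame header {header!r} at offset {pos}")
        length = int(header)
        body = stream[sp + 1:sp + 1 + length]
        if len(body) < length:
            # A real receiver would wait for more bytes; the sketch just stops.
            raise ValueError(f"truncated frame at offset {pos}")
        messages.append(body)
        pos = sp + 1 + length
    return messages


# Constructed sample messages (not taken from the logs in the post).
LEGACY = b"<13>Dec  7 11:19:04 client1 test: hello"
IETF = b"<13>1 2011-12-07T11:19:04+01:00 client1 test - - - hello"

if __name__ == "__main__":
    print(read_octet_counted(frame_octet_counted(IETF)))  # framed sender: accepted
    try:
        read_octet_counted(frame_newline(LEGACY))          # legacy sender: rejected
    except InvalidFrameHeader as exc:
        print("rejected:", exc)
```

Using the same driver on both ends, syslog() to syslog() or tcp() to tcp(), keeps the sender's framing and the receiver's expectation in agreement.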