[syslog-ng] tcp/udp driver not binding correctly

[Gergely Nagy]

"N. Max Pierson" <nmaxpierson at gmail.com> writes:

> I've setup a LVS cluster which is working perfectly. The problem I am
> having is when I have a logical interface ip (or no ip at all, interface is
> eth0:1) when using the tcp/udp driver, it does not seem to bind correctly
> and accept messages on the port specified. When using udp, I try a port
> scan with nmap and it shows the port on the logical interface a "closed".
> When I try tcp, it shows "filtered". The primary ip on interface eth0
> accepts logs with no issues. Can syslog-ng bind to logical interfaces as
> described above and receive logs on multiple addresses??

While I haven't seen 2.1.x in ages, I believe it should be able to do
that, indeed.

You can check which addresses it listens on by running lsof -p $PID
(replace $PID with the actual pid of the syslog-ng process).

> A netstat -a shows *:syslog or when I outright specify the logical ip,
> it shows the logical ip, but as stated above ... it's either closed or
> filtered. I've searched all over, but it seems my google foo is not
> matching anything.

Might it not be a firewall in front of your system, somewhere? If lsof,
or netstat shows syslog-ng is bound to the right IP and port, then all
should be well.

-- 
|8]