[syslog-ng] syslog problem

Jim Hendrick jrhendri at roadrunner.com
Wed Jul 9 04:14:56 CEST 2014


OK - The best advice I can give is to try and narrow down what the
difference is between the system whose logs you are seeing and the one
you are not.

One point from your note - your server is not "polling" logs (that is -
it is not sending packets to the firewalls to retrieve the data). A
syslog process is *sending* logs to your server, so before you do
anything else:

First - make certain the logs are actually leaving the server that you
don't see.

Very specifically: use tcpdump to verify that you see packets.
You can do this from the firewall itself (to make sure the packets are
being sent).
If you see packets leaving the firewall for the correct destination
(address, port and protocol), then
use tcpdump on your syslog server to check if the packets are arriving.

(you can check this in either order - but you need to know for certain
the packets are arriving at the log server BEFORE you spend any more
time wondering what the problem is)

If you don't know how to do this - take the opportunity and learn. It is
pretty straightforward and the skill will serve you well in lots of
future debugging.

There is NO purpose in looking at the syslog configuration if you are
not absolutely sure the packets are arriving.

(I have seen many instances where I thought the server was sending logs
when it simply was not)

Good luck!
Jim

On 07/08/2014 07:27 AM, Riyas Ahamed wrote:
> Hi,
>
> I am using the CentOS 6.5 operating system and the syslog-ng version is 3.2.5.
>
> I have connected two firewalls to syslog-ng server to poll the logs. But I can get log of one firewall and another firewall logs are not polling into syslog-ng server.
>
>
> In this mail I have attached my syslogng configuration file and log results of syslog-ng.
>
>
> Please help me to get poll all types of logs in syslog-ng server of both the firewalls.
>
>
> Thanks
> Riaz Ahmed
> (9047166496)
>
> ________________________________________
> From: syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] on behalf of jrhendri at roadrunner.com [jrhendri at roadrunner.com]
> Sent: Friday, July 04, 2014 6:24 PM
> To: Syslog-ng users' and developers' mailing list; stuart.green at doccentrics.com
> Subject: Re: [syslog-ng] syslog problem
>
> seriously - we are going to need more information to be any help.
> what configuration?
> what have you checked?
> what results are you seeing ?
>
> that said - at least you can check if the packets are getting to your syslog server with tcpdump.
>
> Jim
> ---- Stuart Green <stuart.green at doccentrics.com> wrote:
>> Hi,
>>
>> With no information on the environment, or setup thus far all I can
>> suggest is:
>>
>> Can you verify that the syslog-ng server is accepting connections
>> across your lan by doing some analysis with netcat?
>>
>> http://www.rackspace.com/knowledge_center/article/testing-network-services-with-netcat
>>
>> Regards,
>> Stuart
>>
>>> Hi,
>>>
>>> I have configured syslog-ng but I am not able to see logs of network
>>> devices in syslog-ng server. Please help me to sort out the problem.
>>>
>>> Regards,
>>>
>>> *N.B.Riaz Ahmed*
>>>
>>> http://www.csscorp.com/common/email-disclaimer.php
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>
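
The arrival check described at the top of this message, as an added example that is not part of the original thread: it captures syslog traffic on the log server and reports, per expected sender, whether any packets arrived. The function names, the 192.0.2.x addresses and the default of port 514 are assumptions; use the port and addresses your firewalls are actually configured with.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: destination port 514,
# sender addresses 192.0.2.10 and 192.0.2.11.

# Count packets per source address in `tcpdump -n` text output read on stdin.
# Finds the "IP" token first, so it also copes with the extra interface and
# direction columns that `-i any` adds on newer tcpdump versions.
count_by_source() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "IP") {
               split($(i + 1), a, ".")            # a[5] is the source port
               c[a[1] "." a[2] "." a[3] "." a[4]]++
               break } }
         END { for (s in c) print s, c[s] }'
}

# For each expected sender, say whether its packets showed up in the capture.
# usage: report_senders "IP1 IP2 ..." < tcpdump_output
report_senders() {
    counts=$(count_by_source)
    for ip in $1; do
        n=$(printf '%s\n' "$counts" | awk -v ip="$ip" '$1 == ip { print $2 }')
        if [ -n "$n" ]; then
            echo "$ip ARRIVING ($n packets)"
        else
            echo "$ip NOT SEEN"
        fi
    done
}

# Live capture on the log server for a fixed time (needs root).
# usage: capture IFACE SECONDS "IP1 IP2 ..." [PORT]
capture() {
    timeout "$2" tcpdump -n -l -i "$1" "dst port ${4:-514}" 2>/dev/null |
        report_senders "$3"
}

# Constructed sample of tcpdump output, so the parsing can be tried offline.
sample_capture() {
cat <<'EOF'
12:00:01.000000 IP 192.0.2.10.51000 > 192.0.2.5.514: SYSLOG local4.info, length: 120
12:00:02.000000 IP 192.0.2.10.51000 > 192.0.2.5.514: SYSLOG local4.warning, length: 98
12:00:03.000000 eth0  In  IP 192.0.2.10.51000 > 192.0.2.5.514: SYSLOG local4.info, length: 101
12:00:04.000000 IP 192.0.2.99.40000 > 192.0.2.5.514: SYSLOG daemon.notice, length: 64
EOF
}

# Example live run: capture any 30 "192.0.2.10 192.0.2.11"
```

A sender reported as NOT SEEN points at the sending device or the network path, not at the syslog-ng configuration. The `dst port` filter matches both UDP and TCP, so it works for either transport.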
