[syslog-ng] Switching the syslog-ng central server - client messages go missing

Cottington-Bray, Ian ian.cottington-bray at mclaren.com
Wed Apr 27 13:23:08 CEST 2016


Thanks

Unfortunately not.

Ian

Ian Cottington-Bray  | Senior Infrastructure Engineer – Linux/Unix | McLaren Technology Group Limited
McLaren Technology Centre, Chertsey Road, Woking, Surrey GU21 4YH, UK

T:  +44 (0) 1483 261 900
D:  +44 (0) 1483 262 357
E:  ian.cottington-bray at mclaren.com
W: www.mclaren.com

From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Fekete, Róbert
Sent: 27 April 2016 12:16
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Switching the syslog-ng central server - client messages go missing

Maybe a local firewall/packet filter that is running on the Solaris 11 server?

On Wed, Apr 27, 2016 at 1:11 PM, Cottington-Bray, Ian <ian.cottington-bray at mclaren.com> wrote:
PS I restarted syslog-ng on one client system in the hope that it would prevent the client having issues – it made no difference.

Ian


From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Cottington-Bray, Ian
Sent: 27 April 2016 12:07
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Switching the syslog-ng central server - client messages go missing

Thanks for the feedback – had to wait for a period to test again.

Comments below


From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: 21 April 2016 10:33
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Switching the syslog-ng central server - client messages go missing

hmm... couple of things come to mind, not all syslog-ng related:

1) are those messages actually arriving on the host (check with tcpdump)
Sometimes – I see network packets being sent some of the time (by the client) but not always

2) is the local firewall letting them through?
There is no firewall on this network

3) is syslog-ng bound to a specific IP/port or is it bound to 0.0.0.0? (check that with netstat)
Specific IP/port (514) – several IPs in fact

4) you should be able to use telnet/netcat on the client host to check if the port on the solaris11 box is open
The port is open

5) if all else fails, check the syslog-ng config, but that shouldn't be a problem
It looks OK to me ..
It almost looks like the client systems don’t send all the time – which is VERY strange and I’m struggling to understand why. The client systems seem to send a few messages immediately after syslog-ng starts on the central server and then stop sending …
If I shut down the new server and bring up the old one the messages start appearing in the logs as I would expect.
Any suggestions?
Bazsi

--
Bazsi

On Wed, Apr 20, 2016 at 4:51 PM, Cottington-Bray, Ian <ian.cottington-bray at mclaren.com> wrote:
Hi

I have a Solaris 10 server running version 3.0 of syslog-ng.

I have built a new server running Solaris 11 with version 3.6 of syslog-ng installed.

I have tested the new server by pointing another client at it and messages appear in the configured files as expected.

I then shut down the Solaris 10 server – change the Solaris 11 server IP configuration to match the details for the Solaris 10 server – restart syslog-ng on the Solaris 11 server. Things seem to be working ok – except for the (Solaris and Linux) clients using syslog-ng (and referencing the central syslog-ng server by IP) their messages do not arrive at the expected files.

Any suggestions?

Ian



The contents of this e-mail are confidential and for the exclusive use of the intended recipient. If you are not the intended recipient you should not read, copy, retransmit or disclose its contents. If you have received this email in error please delete it from your system immediately and notify us either by email or telephone. The views expressed in this communication may not necessarily be the views held by McLaren Technology Group Limited.
McLaren Technology Group Limited | McLaren Technology Centre | Chertsey Road | Woking | Surrey | GU21 4YH | UK | Company Number: 01967715

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

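Added example, not part of the original thread: check 3 from the list above (which addresses is the collector bound to?) as a script, extended to ask whether the address the clients are configured to send to is actually covered by a listener on port 514. It goes beyond the thread in accepting both Solaris (`addr.port`) and Linux (`addr:port`) `netstat -an` layouts; the function names and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders.

```shell
#!/bin/sh
# listen_addrs PORT: read `netstat -an` output on stdin and print the local
# addresses bound to PORT, one per line; wildcard binds are printed as "*".
listen_addrs() {
  awk -v port="$1" '
    $NF ~ /^(ESTABLISHED|TIME_WAIT|CLOSE_WAIT)$/ { next }  # not listeners
    {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /[.:][0-9*]+$/) {        # first addr+port field is the local one
          n = length($i) - length(port)   # index of the separator before the port
          if (n > 1 && substr($i, n + 1) == port && substr($i, n, 1) ~ /[.:]/) {
            addr = substr($i, 1, n - 1)
            if (addr == "0.0.0.0" || addr == "::") addr = "*"
            print addr
          }
          break                           # never inspect the remote address
        }
      }
    }' | sort -u
}

# covers IP PORT: succeed if a listener on PORT is bound to IP or to the wildcard.
covers() {
  listen_addrs "$2" | grep -qxF -e '*' -e "$1"
}

# Constructed sample: Solaris-style output, collector bound to two specific IPs.
SOLARIS_SAMPLE='   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
      *.22                 *.*                0      0 128000      0 LISTEN
192.0.2.10.514             *.*                0      0 128000      0 LISTEN
192.0.2.11.514             *.*                0      0 128000      0 LISTEN'

# Constructed sample: Linux-style output, wildcard bind plus an unrelated session.
LINUX_SAMPLE='Proto Recv-Q Send-Q Local Address     Foreign Address    State
tcp        0      0 0.0.0.0:514       0.0.0.0:*          LISTEN
udp        0      0 0.0.0.0:514       0.0.0.0:*
tcp        0      0 192.0.2.10:22     198.51.100.7:514   ESTABLISHED'

# Demonstration on the samples; on a live host use: netstat -an | covers <ip> 514
for ip in 192.0.2.10 192.0.2.99; do
  if printf '%s\n' "$SOLARIS_SAMPLE" | covers "$ip" 514; then
    echo "$ip:514 is covered by a listener"
  else
    echo "$ip:514 is NOT covered; clients sending there will not be heard"
  fi
done
```

With a collector bound to specific addresses rather than the wildcard, every address that clients reference has to appear in the `listen_addrs` output after the IP configuration is moved to the new host.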