[syslog-ng] network logging

Anatoly Pugachev matorola at gmail.com
Wed Feb 19 11:28:57 UTC 2020


Hello!

Can someone help me with network logging with syslog-ng:

# rpm -q syslog-ng
syslog-ng-3.25.1.239.g0535e8a-1.el7.x86_64

# rpm -qf /etc/os-release
centos-release-7-7.1908.0.el7.centos.x86_64

The server is a CentOS 7 x86_64 VM.

/etc/syslog-ng/syslog-ng.conf is in the default configuration (no
changes made from the installed rpm package); I have additional
configuration in:

# cat conf.d/mtcaptive.conf
source s_mtcaptive { network( ip("0.0.0.0") port(3514) transport("udp")); };
destination d_mtcaptive { file("/var/log/mt-captive-remote"); };
log { source(s_mtcaptive); destination(d_mtcaptive); };


If I try to log a test message with logger on localhost (where
syslog-ng runs):

[root@localhost syslog-ng]# logger -d -i -n 172.16.3.50 -P 3514 "test from localhost"

it does work and appears in /var/log/mt-captive-remote :

$ tail -1 /var/log/mt-captive-remote
Feb 19 06:15:01 172.16.3.50 root[11326]: test from localhost

But if I try the same command on a nearby host (vm2, same L2 network,
but different IP network), it is not logged, although the UDP packet
with the test message is received by the host:

[root@vm2 ~]# logger -d -i -n 172.16.3.50 -P 3514 "test from vm2"

back to syslog-ng host:

# ngrep -d ens224 -n 10 "test from" "udp and port 3514"
interface: ens224 (172.16.3.0/255.255.255.0)
filter: ( udp and port 3514 ) and ((ip || ip6) || (vlan && (ip || ip6)))
match: test from
##########################################################################################################################################################################################################################
U 100.64.128.5:24046 -> 172.16.3.50:3514 #218
  <5>Feb 19 06:20:27 root[31663]: test from vm2.
#####################################################################################################^Cexit
319 received, 1 matched


looking at socket status on syslog-ng host:

# ss -unlp | grep 3514
UNCONN     0      0            *:3514                     *:*
         users:(("syslog-ng",pid=11198,fd=23))

no firewall or iptables rules (default all ACCEPT).

Can someone suggest why syslog-ng does not log remote messages to my
destination file?

Thanks.

