[syslog-ng] Problem to Get UDP Packets - Syslog-ng

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Mar 25 16:37:14 UTC 2020


On 25.03.20 15:48, William Luiz Ribeiro Vasconcelos Da Silva wrote:
>I installed syslog-ng on a new machine, however in initial tests, there was no collection of UDP packages by syslog-ng.
>
>Here are some points I checked:
>
>udp        0      0 10.96.145.42:514        0.0.0.0:*                           16169/syslog-ng

>Here is an example of the package received via tcpdump, but it was not captured by syslog-ng:
>
>10:46:13.529331 IP (tos 0x20, ttl 251, id 33055, offset 0, flags [none], proto UDP (17), length 243)
>    10.96.145.98.syslog > mgalnxa01.9514: [udp sum ok] SYSLOG, length: 215

this packet was sent from IP 10.96.145.98 port 514 (syslog)
to host mgalnxa01 (is it 10.96.145.42?) port 9514

1.  it must come to port 514 on your host if you want to capture it

2.  note that at least on Linux you will see packets coming to your machine,
    even if they are blocked by your firewall

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Eagles may soar, but weasels don't get sucked into jet engines.
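
The comparison made in the reply above, as an added example that is not part of the original message: a Python check that parses the netstat line and the tcpdump output quoted in the thread and reports packets addressed to a UDP port no socket is bound to. It assumes `mgalnxa01` is the local host (the reply only asks whether it is); the function names are illustrative.

```python
import re

# Sample input copied from the outputs quoted in the thread.
NETSTAT = "udp        0      0 10.96.145.42:514        0.0.0.0:*                           16169/syslog-ng"
TCPDUMP = """10:46:13.529331 IP (tos 0x20, ttl 251, id 33055, offset 0, flags [none], proto UDP (17), length 243)
    10.96.145.98.syslog > mgalnxa01.9514: [udp sum ok] SYSLOG, length: 215"""

# tcpdump prints well-known ports by service name unless run with -n.
SERVICE_PORTS = {"syslog": 514}

def listening_udp(netstat_text):
    """Return {(ip, port): program} for UDP sockets in netstat-style output."""
    socks = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("udp"):
            ip, _, port = f[3].rpartition(":")
            socks[(ip, int(port))] = f[-1]
    return socks

def split_endpoint(ep):
    """Split tcpdump's host.port (port may be a service name) into (host, port)."""
    host, _, port = ep.rpartition(".")
    return host, int(port) if port.isdigit() else SERVICE_PORTS.get(port)

def packet_flows(tcpdump_text):
    """Yield (src, sport, dst, dport) for every 'src.port > dst.port:' match."""
    for m in re.finditer(r"(\S+) > (\S+):", tcpdump_text):
        yield split_endpoint(m.group(1)) + split_endpoint(m.group(2))

def diagnose(netstat_text, tcpdump_text, local_names):
    """List packets sent to this host on a UDP port with no bound socket.

    local_names is an assumption supplied by the caller: the names or
    addresses that tcpdump shows for the local machine.
    """
    bound_ports = {port for (_ip, port) in listening_udp(netstat_text)}
    findings = []
    for _src, _sport, dst, dport in packet_flows(tcpdump_text):
        if dst in local_names and dport not in bound_ports:
            findings.append((dst, dport, sorted(bound_ports)))
    return findings

if __name__ == "__main__":
    for dst, dport, bound in diagnose(NETSTAT, TCPDUMP, {"mgalnxa01"}):
        print(f"packet to {dst}:{dport}/udp, but UDP sockets are bound only on {bound}")
```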

