1

In the local log output, I can see debug messages but these won't show up on the remote logging server. It seems to ignore these but it does print warning and error level messages just fine.

These are the local (Ubuntu 14.04.2 LTS) syslog-ng.conf entries:

# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src {
       system();
       internal();
};

destination d_net { udp("1.2.3.4"); };
log { source(s_src); destination(d_net); };

s_src is also used for local logging so it seems to contain the debug messages.

This is the logging server's (Debian 6.0) config:

destination df_remote {
        file(
                "/var/log/remotelogs/from_$HOST"
                create_dirs(yes)
                owner(root)
                group(root)
                perm(0644)
                dir_perm(0777)
         );
};

source s_remote { udp(); };

log { source(s_remote); destination(df_remote); };

So apparently no log filter of any kind is applied but still debug messages don't get through. What could be the issue here?

foraidt
  • 111
  • 4
  • 1
    A few things that will help you track the issue down - run a tcpdump on the logging server to see if the messages are coming in - "tcpdump port 514". If you see them coming in, start syslog-ng in debugging mode to see if they are getting filtered out - "syslog-ng -Fdve". – Tom Damon May 12 '15 at 18:30

1 Answers1

0

UDP is a protocol designed to deliver its packets timely, at the expense of lossiness. Whenever there is a problem with packet delivery, the packets will just be dropped. See e.g. this explanation.

reinierpost
  • 410
  • 3
  • 9
  • 3
    My network structure is very straightforward and I haven't had any packet loss issues yet. Even if packet loss was a problem, this would not explain why not a single debug message gets through while other messages do. – foraidt May 12 '15 at 12:38