We have one server setup where all routers and switches send syslog traffic, then a second one which has a fancy windows based syslog daemon sitting in our NOC. The second machine WILL receive events generated by the first syslog server, but will not relay any messages received from the routers. Config: /usr/sbin/syslogd -r -m 60 -d (currently in debug mode) syslog.conf: syslog.* @1.2.3.4 (real IP removed) Debug says: Successful select, descriptor count = 1, Activity on: 28 Message from inetd socket: #28, host: 12.96.160.138 Message length: 106, File descriptor: 28. logmsg: syslog.notice<45>, flags 2, from car0101.dllstx2.theplanet.com, msg 19213: Jul 18 18:53:48: %SYS-5-CONFIG_I: Configured from console by tconnolly on vty0 (12.96.160.84) Called fprintlog, logging to FILE /var/log/syslog Called fprintlog, logging to FILE /var/log/messages Called fprintlog, logging to FORW nocwall1syslog.dllstx2.theplanet.com Not sending message to remote. Called fprintlog, logging to FILE /var/log/syslog.log Listening on syslog UDP port. Calling select, active file descriptors (max 28): 3 28 Select interrupted. Listening on syslog UDP port. Calling select, active file descriptors (max 28): 3 28 ------------------------ DMESG ---------------------------------- Linux version 2.4.19-gentoo-r7 (root@(none)) (gcc version 2.95.3 20010315 (release)) #3 Thu Jul 18 19:52:26 Local time zone must be set--see zic manual page 2002 BIOS-provided physical RAM map: BIOS-e820: 0000000000000000 - 000000000009fc00 (usable) BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved) BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved) BIOS-e820: 0000000000100000 - 000000001fec0000 (usable) BIOS-e820: 000000001fec0000 - 000000001fef8000 (ACPI data) BIOS-e820: 000000001fef8000 - 000000001ff00000 (ACPI NVS) BIOS-e820: 00000000ffb80000 - 00000000ffc00000 (reserved) BIOS-e820: 00000000fff00000 - 0000000100000000 (reserved) 510MB LOWMEM available. On node 0 totalpages: 130752 zone(0): 4096 pages. zone(1): 126656 pages. zone(2): 0 pages. Kernel command line: root=/dev/hda3 Local APIC disabled by BIOS -- reenabling. Found and enabled local APIC! Initializing CPU#0 Detected 598.104 MHz processor. Console: colour VGA+ 80x25 Calibrating delay loop... 1179.64 BogoMIPS Memory: 514380k/523008k available (900k kernel code, 8240k reserved, 220k data, 228k init, 0k highmem) Dentry cache hash table entries: 65536 (order: 7, 524288 bytes) Inode cache hash table entries: 32768 (order: 6, 262144 bytes) Mount cache hash table entries: 8192 (order: 4, 65536 bytes) Buffer cache hash table entries: 32768 (order: 5, 131072 bytes) Page-cache hash table entries: 131072 (order: 7, 524288 bytes) CPU: Before vendor init, caps: 0387fbff 00000000 00000000, vendor = 0 CPU: L1 I cache: 16K, L1 D cache: 16K CPU: L2 cache: 256K CPU: After vendor init, caps: 0387fbff 00000000 00000000 00000000 CPU serial number disabled. CPU: After generic, caps: 0383fbff 00000000 00000000 00000000 CPU: Common caps: 0383fbff 00000000 00000000 00000000 CPU: Intel Pentium III (Coppermine) stepping 01 Enabling fast FPU save and restore... done. Enabling unmasked SIMD FPU exception support... done. Checking 'hlt' instruction... OK. POSIX conformance testing by UNIFIX mtrr: v1.40 (20010327) Richard Gooch (rgooch@atnf.csiro.au) mtrr: detected mtrr type: Intel PCI: PCI BIOS revision 2.10 entry at 0xfda95, last bus=1 PCI: Using configuration type 1 PCI: Probing PCI hardware PCI: Using IRQ router PIIX [8086/2410] at 00:1f.0 Linux NET4.0 for Linux 2.4 Based upon Swansea University Computer Society NET3.039 Initializing RT netlink socket Starting kswapd devfs: v1.12 (20020219) Richard Gooch (rgooch@atnf.csiro.au) devfs: boot_options: 0x0 pty: 256 Unix98 ptys configured Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled ttyS00 at 0x03f8 (irq = 4) is a 16550A ttyS01 at 0x02f8 (irq = 3) is a 16550A Real Time Clock Driver v1.10e block: 992 slots per queue, batch=248 Uniform Multi-Platform E-IDE driver Revision: 6.31 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx PIIX4: IDE controller on PCI bus 00 dev f9 PIIX4: chipset revision 2 PIIX4: not 100% native mode: will probe irqs later ide0: BM-DMA at 0xffa0-0xffa7, BIOS settings: hda:DMA, hdb:pio ide1: BM-DMA at 0xffa8-0xffaf, BIOS settings: hdc:DMA, hdd:pio hda: Maxtor 91021U2, ATA DISK drive hdc: TOSHIBA CD-ROM XM-6702B, ATAPI CD/DVD-ROM drive ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 ide1 at 0x170-0x177,0x376 on irq 15 hda: 20010816 sectors (10246 MB) w/512KiB Cache, CHS=1245/255/63, UDMA(33) hdc: ATAPI 48X CD-ROM drive, 128kB Cache, UDMA(33) Uniform CD-ROM driver Revision: 3.12 Partition check: /dev/ide/host0/bus0/target0/lun0: p1 p2 p3 Floppy drive(s): fd0 is 1.44M FDC 0 is a post-1991 82077 eepro100.c:v1.09j-t 9/29/99 Donald Becker http://www.scyld.com/network/eepro100.html eepro100.c: $Revision: 1.36 $ 2000/11/17 Modified by Andrey V. Savochkin <saw@saw.sw.com.sg> and others PCI: Found IRQ 9 for device 01:01.0 PCI: Sharing IRQ 9 with 00:1f.2 eth0: Intel Corp. 82557/8/9 [Ethernet Pro 100], 00:D0:B7:66:8F:1B, IRQ 9. Receiver lock-up bug exists -- enabling work-around. Board assembly 000000-000, Physical connectors present: RJ45 Primary interface chip i82555 PHY #1. General self-test: passed. Serial sub-system self-test: passed. Internal registers self-test: passed. ROM checksum self-test: passed (0x04f4518b). Receiver lock-up workaround activated. NET4: Linux TCP/IP 1.0 for NET4.0 IP Protocols: ICMP, UDP, TCP IP: routing cache hash table of 4096 buckets, 32Kbytes TCP: Hash tables configured (established 32768 bind 32768) ip_tables: (C) 2000-2002 Netfilter core team NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. VFS: Mounted root (ext2 filesystem) readonly. Freeing unused kernel memory: 228k freed Adding Swap: 265064k swap-space (priority -1) --------------------------------------------------------------
After looking at the source code, adding the -h option when firing up syslogd seems to fix this.
