为什么我的syslog-ng无法接收其他机器的日志

mbmf1982

如题，我有两台试验机，一台是172.16.52.155（syslog-ng日志服务器），还有一台172.16.52.159（客户机），155这台机器的syslog-ng配置如下：
@version: 3.0
#
# Syslog-ng example configuration for for Debian GNU/Linux
#
# Copyright (c) 1999 anonymous
# Copyright (c) 1999 Balazs Scheidler
# $Id: syslog-ng.conf.sample,v 1.3 2003/05/20 08:57:27 asd Exp $
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.
#

options { keep_hostname(yes); long_hostnames(off); flush_lines(0) ; log_fifo_size(1024); create_dirs(yes); owner(root); group(root); perm(0600); dir_perm(0700); };

source src { unix-stream("/dev/log"); internal(); file("/proc/kmsg"); };
source net { udp(); };

destination authlog { file("/var/log/auth.log"); };
destination single-file { file("/var/log/syslog-ng/all-messages"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination mail { file("/var/log/mail.log"); };

destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
#destination loghost { udp("loghost" port(999)); };


destination xconsole { pipe("/dev/xconsole"); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
filter f_ppp { facility(local2); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
log { source(src); filter(f_news); filter(f_err); destination(newserr); };
log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
log { source(src); filter(f_ppp); destination(ppp); };
log { source(src); destination(console_all); };
log { source(src); destination(single-file); };
客户机只配置了syslog.conf配置如下
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                        /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                                /var/log/secure

# Log all the mail messages in one place.
mail.*                                                /var/log/maillog


# Log cron stuff
cron.*                                                        /var/log/cron

cron.*                                                @172.16.52.155
# Everybody gets emergency messages
*.emerg                                                        *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                        /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


*.*                                                @172.16.52.155
可是为什么我的syslog-ng服务器无法接收到客户机的日志信息呢，两台机器都能记录自己的日志消息，麻烦大家帮我看看是哪里的问题

NetSeek

安装配置参考一下这个：
直接使用文中的配置文件测试一下：）
http://bbs.linuxtone.org/viewthread.php?tid=2082
有问题再讨论

mbmf1982

问题已经解决了，需要在syslog-ng里加入接收哪个ip段的日志

zhxd

朋友，不知道你的syslog-ng是怎么配置的，可以发出来看看么？

mbmf1982

楼上的兄弟，由于这是一年前的事了，所以我也记不大清楚了，上网上找了一天，你试试在syslog-ng.conf文件里加入如下代码
source s_remote {
         tcp(ip(0.0.0.0) port(514));
         udp(ip(0.0.0.0) port(514));
};

我这个是监听所有ip段，如果你要指定监听某一个客户端发来的日志，把0.0.0.0改成相应的ip即可。我不知道对不对，现在已经不在那个公司了，所以对不对你自己试试吧。有了结果告诉我一下。