I have 3 servers configured to run syslog-ng. We'll call the servers web, jump, and client.
Web is CentOS 6
Jump and Client are CentOS 7
Jump is an OpenVPN server
Client is an OpenVPN client
Web is on the same private network as Jump
Connectivity is working fine between all 3 servers. I can SSH and ping directly from Client to either Jump or Web, and vice versa.
I have Syslog-NG configured on Client and Web to log to Jump, and Jump is configured to receive logs from both Web and Client on tcp port 514.
Client is able to log to Jump without issues. Web, however, does not seem to want to log to Jump.
For testing purposes, I disabled the firewall temporarily on Jump.
I also stopped syslog-ng on Web and ran it in debug mode. There were no errors related to connecting to Jump.
I also am able to telnet from Web to Jump on port 514, so I know there is no routing issue or firewall issues with it, and I know the configuration is good.
Given that the only difference between Client and Web is the OS version, is Syslog-NG in CentOS 6 just not compatible with Syslog-NG in CentOS 7? I mean, has the syslog protocol changed that much that the older version of Syslog-NG won't work with the newer version?
Client: syslog-ng-3.5.6-3.el7.x86_64
Jump: syslog-ng-3.5.6-3.el7.x86_64
Web: syslog-ng-3.2.5-4.el6.x86_64
Turns out after more investigation that I had 2 issues.
1) When the firewall WAS enabled, I had the internal NIC on jump in the wrong zone. Once that was corrected, I was then able to get connected via telnet with the firewall running.
2) I compared the config of client against web again and found that I was missing the log line on web which indicated to log to jump and was present on client.
Once the log line was added on web and the daemon restarted, logging began immediately on jump.