Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Obiwan1968
Contributor

cp_log_export says "cannot initialize socket ($targetIp:514)"

Hi There

I tried a lot to solve this issue, but with no success. I am using R80.30 take 200 with standalone configuration 

I created a new exporter with
cp_log_export add name LOG-514 target-server 172.30.61.21 target-port 514 protocol tcp

and already get an error

sed: invalid option -- E
Error: Failed to set tag name: [is_enabled] as: true

Directory and files were created, so I can change call tghe settings by hand

<ip>$targetIp</ip><!--the ip of the syslog server-->
<port>$targetPort</port><!--the port on which the syslog is listening to-->
<protocol>$protocol</protocol><!--udp/tcp-->
<security></security><!--clear/tls-->

<ip>$targetIp</172.30.61.21><!--the ip of the syslog server-->
<port>$targetPort</514><!--the port on which the syslog is listening to-->
<protocol>$protocol</tcp><!--udp/tcp-->
<security></clear><!--clear/tls-->

changes those, the service is at least running now

[Expert@ips:0]# cp_log_export status

name: LOG-514
status: Running (829)
last log read at: 8 Apr 14:59:01
debug file: /opt/CPrt-R80.30/log_exporter/targets/LOG-514/log/log_indexer.elg

But there are still plenty of errors in the log_indexer.elg and I see no communiction on port TCP/514

[log_indexer 829 4126202768]@ips[8 Apr 14:58:56] SyslogTCPSender::connect: Failed to initialize socket ($targetIp:514)

... and 1000s of those within 2s

[log_indexer 829 4114566032]@ips[8 Apr 14:58:56] LogFormatExtractor::extractFields Filter List is empty

... at the end I see

[log_indexer 829 4136692624]@ips[8 Apr 15:04:11] SyslogTCPSender::connect: Failed to initialize socket ($targetIp:514)

[log_indexer 829 4126202768]@ips[8 Apr 15:04:11] SyslogTCPSender::connect: Failed to initialize socket ($targetIp:514)

[log_indexer 829 3973053328]@ips[8 Apr 15:04:11] Files read rate [adtlog] : Current=0 Avg=0 MinAvg=0 Total=18 buffers (0/0/0/0)

[log_indexer 829 3973053328]@ips[8 Apr 15:04:11] Sent current: 0 average: 0 total: 0

[log_indexer 829 3973053328]@ips[8 Apr 15:04:16] Files read rate [adtlog] : Current=0 Avg=0 MinAvg=0 Total=18 buffers (0/0/0/0)

[log_indexer 829 3973053328]@ips[8 Apr 15:04:16] Sent current: 0 average: 0 total: 0

[log_indexer 829 3973053328]@ips[8 Apr 15:04:21] Files read rate [adtlog] : Current=0 Avg=0 MinAvg=0 Total=18 buffers (0/0/0/0)

[log_indexer 829 3973053328]@ips[8 Apr 15:04:21] Sent current: 0 average: 0 total: 0

[log_indexer 829 3973053328]@ips[8 Apr 15:04:26] Files read rate [adtlog] : Current=0 Avg=0 MinAvg=0 Total=18 buffers (0/0/0/0)

[log_indexer 829 3973053328]@ips[8 Apr 15:04:26] Sent current: 0 average: 0 total: 0

[log_indexer 829 3973053328]@ips[8 Apr 15:04:31] Files read rate [adtlog] : Current=0 Avg=0 MinAvg=0 Total=18 buffers (0/0/0/0)

[log_indexer 829 3973053328]@ips[8 Apr 15:04:31] Sent current: 0 average: 0 total: 0

Anyone having any idea what I could try? I guess the service is running but not correctly initialised, therefore no communication to the syslog server possible.

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

What version/JHF are we talking?
0 Kudos
Obiwan1968
Contributor

It's R80.30 Take 200

0 Kudos
Norbert_Bohusch
Advisor

If you really put it lilke this:

<ip>$targetIp</172.30.61.21><!--the ip of the syslog server-->
<port>$targetPort</514><!--the port on which the syslog is listening to-->
<protocol>$protocol</tcp><!--udp/tcp-->
<security></clear><!--clear/tls-->

 

Then the fault is, that its wrong. It should be:

<ip>172.30.61.21</ip>

<port>514</port>

<protocol>tcp</protocol>

<security>clear</security>

0 Kudos
Obiwan1968
Contributor

Then it would be?
<ip>172.30.61.21</ip>
The backslash before the </ip> not behind the "21/<ip>"

I will try on Tuesday, until than we have freeze

0 Kudos
Norbert_Bohusch
Advisor

Yes, sorry for that typo.
0 Kudos
Obiwan1968
Contributor

Works! Thanks a lot!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events