In my design, there are collectors placed in security zones, receiving logs from a great number of Linux servers and forwarding the incoming to a Master Collector. This works perfectly fine :) My Collector's Input is defined like:
<Extension _syslog> Module xm_syslog </Extension> <Input in1> Module im_tcp Host 0.0.0.0 Port 514 Exec parse_syslog(); </Input>
but with one exception: In one of the zones I'm supposed to receive logs from the firewall - I can see in the nxlog.log the connection is accepted, but then it says
connection accepted from [X.X.X:X]:port couldn't bind tcp socket to [X.X.X.X]:514; cannot assign requested address
and I don't get any firewall logs.
What is the proper fix for this?