After an upgrade from Syslog-NG version 1.6.7 to version 2.0.5, our syslog server began reporting the following error each time an event was received from a remote host:
Syslog connection rejected by tcpd; from=’AF_INET(127.0.0.1:XXXXX)’
The syslog server was a Solaris x86 system which had a number of reverse SSH tunnels to several SPARC-based syslog clients. The version of syslog-ng was obtained from sunfreeware.com in binary form on both systems.
It turns out that Syslog-NG 2.x introduced support for TCP Wrappers (which tcpd is part of) and thus, the settings in my /etc/hosts.allow and /etc/hosts.deny files were actually preventing syslog-ng from accessing port 514 on the local host. Adding the following entry to hosts.allow seems to have fixed the problem:
Of course you will need to refresh/restart the inetd service after you do this (svcadm refresh/restart inetd).