-
getting a syslog client to send messages to a rsyslog server
So I have a RedHat server running as a remote rsyslog server, and I am trying to send logs to it from other servers that only have syslog running. Is this possible?
Here's my rsyslog server config:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
and I know the ports are open..
[root@syslog ~]# netstat -anp | grep rsyslogd
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 2382/rsyslogd
tcp 0 0 :::514 :::* LISTEN 2382/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 2382/rsyslogd
udp 0 0 :::514 :::* 2382/rsyslogd
then on the client side I have the following in the /etc/syslog.conf
*.* @syslog
and restart the respective services on both boxes, but still no messages show up on the syslog box.
-
also, from the client box I can run the following:
[root@client1 ~]# nc -vz syslog 514
nc: connect to syslog port 514 (tcp) failed: No route to host
[root@client1 ~]# nc -vz -u syslog 514
Connection to syslog 514 port [udp/syslog] succeeded!
so is tcp 514 not really open on the syslog server?
-
One suggestion I found is that "... UNIX system seems to don't understand the *.* so I just update the command line to
*.debug @myrsyslogserver.mycompany.corp
instead of
*.* @myrsyslogserver.mycompany.corp"
(Source: http://kb.monitorware.com/send-syslo...og-t10375.html )
Last edited by x; 02-15-2013 at 02:11 PM.
Reason: Adding source
In pingvino veritas!
-
I'm new to this whole logging thing, but it has become my responsibility since I'm the "linux guy" in our group. I'm not sure if *.debug will capture what I am trying to receive on the rsyslog server? How would I do an immediate test to see if that configuration works?
-
The point is, don't use "*.*"; use *.<what you want>
You will probably need several lines to catch all you want.
In pingvino veritas!
-
that does not seem to be making a difference. I'm thinking that it may have something to do with the SELinux settings. I'm still investigating though..
-
for anyone that wants to know.. it eventually turned out to be an error in my iptables settings.. seems to be working now!
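Added example, not part of the original thread: a first-match walk over `iptables-save` output that reports what the INPUT chain does with a new syslog connection. The rule set is constructed (the poster's real rules are not shown) and is one that would give the symptoms above, since a REJECT with icmp-host-prohibited makes the client print "No route to host".

```shell
#!/bin/sh
# Constructed sample in `iptables-save` format (not the poster's real rules):
# UDP 514 is accepted, TCP 514 falls through to the catch-all REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# verdict_for PROTO PORT [RULES]
# Prints the target (ACCEPT/REJECT/DROP) of the first INPUT rule that matches
# a new inbound packet to PROTO/PORT, or the chain policy if none matches.
# Simplifications: rules limited by -i or -s are skipped, and jumps to
# user-defined chains and port ranges are not followed.
verdict_for() {
  printf '%s\n' "${3:-$SAMPLE_RULES}" | awk -v proto="$1" -v port="$2" '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" {
      p = ""; dport = ""; target = ""; skip = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") p = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "-i" || $i == "-s") skip = 1
        else if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) skip = 1
      }
      if (skip || (p != "" && p != proto) || (dport != "" && dport != port)) next
      if (target ~ /^(ACCEPT|REJECT|DROP)$/) { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# Stand-alone run: show both syslog transports against the sample rules.
for proto in tcp udp; do
  echo "$proto/514 -> $(verdict_for "$proto" 514)"
done
```

On the rsyslog server, `verdict_for tcp 514 "$(iptables-save -t filter)"` runs the same check against the live rules (needs root).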
-
Might I suggest this brilliant post by a brilliant author http://forums.justlinux.com/showthre...ng-remote-logs