getting a syslog client to send messages to a rsyslog server


Results 1 to 8 of 8

Thread: getting a syslog client to send messages to a rsyslog server

  1. #1
    Join Date
    Jul 2002
    Location
    Chesapeake, VA
    Posts
    250

    Question getting a syslog client to send messages to a rsyslog server

    So I have a RedHat server running as a remote rsyslog server, and I am trying to send logs to it from other servers that only have syslog running. Is this possible?

    Here's my rsyslog server config:

    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imklog # provides kernel logging support (previously done by rklogd)
    #$ModLoad immark # provides --MARK-- message capability

    # Provides UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514

    # Provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514

    and I know the ports are open..

    [root@syslog ~]# netstat -anp | grep rsyslogd
    tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 2382/rsyslogd
    tcp 0 0 :::514 :::* LISTEN 2382/rsyslogd
    udp 0 0 0.0.0.0:514 0.0.0.0:* 2382/rsyslogd
    udp 0 0 :::514 :::* 2382/rsyslogd


    then on the client side I have the following in the /etc/syslog.conf

    *.* @syslog

    and restart the respective services on both boxes, but still no messages show up on the syslog box.

  2. #2
    Join Date
    Jul 2002
    Location
    Chesapeake, VA
    Posts
    250
    also, from the client box I can run the following:

    [root@client1 ~]# nc -vz syslog 514
    nc: connect to syslog port 514 (tcp) failed: No route to host
    [root@client1 ~]# nc -vz -u syslog 514
    Connection to syslog 514 port [udp/syslog] succeeded!

    so is tcp 514 not really open on the syslog server?

  3. #3
    Join Date
    Oct 2000
    Location
    Sweden
    Posts
    494
    One suggestion I found is that "... UNIX system seems to don't understand the *.* so I just update the command line to
    *.debug @myrsyslogserver.mycompany.corp
    instead of
    *.* @myrsyslogserver.mycompany.corp"
    (Source: http://kb.monitorware.com/send-syslo...og-t10375.html )
    Last edited by x; 02-15-2013 at 01:11 PM. Reason: Adding source
    In pingvino veritas!

  4. #4
    Join Date
    Jul 2002
    Location
    Chesapeake, VA
    Posts
    250
    I'm new to this whole logging thing, but it has become my responsibility since I'm the "linux guy" in our group. I'm not sure if *.debug will capture what I am trying to receive on the rsyslog server? How would I do an immediate test to see if that configuration works?

  5. #5
    Join Date
    Oct 2000
    Location
    Sweden
    Posts
    494
    The point is, don't use "*.*" use *.<what you want>
    You will need probably need several lines to catch all you want.
    In pingvino veritas!

  6. #6
    Join Date
    Jul 2002
    Location
    Chesapeake, VA
    Posts
    250
    that does not seem to be making a difference. I'm thinking that it may have something to do with the SELinux settings. I'm still investigating though..

  7. #7
    Join Date
    Jul 2002
    Location
    Chesapeake, VA
    Posts
    250
    for anyone that wants to know.. it eventually turned out to be an error in my iptables settings.. seems to be working now!

  8. #8
    Join Date
    Jan 2004
    Location
    boston, mass USA
    Posts
    1,876
    Might I suggest this brilliant post by a brilliant author http://forums.justlinux.com/showthre...ng-remote-logs
    m1ke_l
    Lenovo x120e (gave my wife the Asus 1015N)http://justlinux.com/forum/showthrea...hreadid=153955
    Fedora 16 (but I haven't settled yet)
    8gigs of RAM (in a NETBOOK!!)
    Boston, MA USA/Wondering

    My dad's website (he'll love the traffic) http://www.cafephotos.net/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •