getting a syslog client to send messages to a rsyslog server
So I have a RedHat server running as a remote rsyslog server, and I am trying to send logs to it from other servers that only have syslog running. Is this possible?
Here's my rsyslog server config:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
# Provides TCP syslog reception
and I know the ports are open..
[root@syslog ~]# netstat -anp | grep rsyslogd
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 2382/rsyslogd
tcp 0 0 :::514 :::* LISTEN 2382/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 2382/rsyslogd
udp 0 0 :::514 :::* 2382/rsyslogd
then on the client side I have the following in the /etc/syslog.conf
and restart the respective services on both boxes, but still no messages show up on the syslog box.
also, from the client box I can run the following:
[root@client1 ~]# nc -vz syslog 514
nc: connect to syslog port 514 (tcp) failed: No route to host
[root@client1 ~]# nc -vz -u syslog 514
Connection to syslog 514 port [udp/syslog] succeeded!
so is tcp 514 not really open on the syslog server?
One suggestion I found is that "... UNIX system seems to don't understand the *.* so I just update the command line to
(Source: http://kb.monitorware.com/send-syslo...og-t10375.html )
Last edited by x; 02-15-2013 at 02:11 PM.
Reason: Adding source
In pingvino veritas!
I'm new to this whole logging thing, but it has become my responsibility since I'm the "linux guy" in our group. I'm not sure if *.debug will capture what I am trying to receive on the rsyslog server? How would I do an immediate test to see if that configuration works?
The point is, don't use "*.*" use *.<what you want>
You will need probably need several lines to catch all you want.
In pingvino veritas!
that does not seem to be making a difference. I'm thinking that it may have something to do with the SELinux settings. I'm still investigating though..
for anyone that wants to know.. it eventually turned out to be an error in my iptables settings.. seems to be working now!
Might I suggest this brilliant post by a brilliant author http://forums.justlinux.com/showthre...ng-remote-logs