Results 1 to 2 of 2
I have a strange problem with rsyslog. I have experienced it on three different machines with different OSes (Fedora, CentOS, Ubuntu) and different rsyslog versions, have googled for solution to ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 02-14-2014 #1
- Join Date
- Feb 2014
Strange problem with rsyslog
The problem is, rsyslogd does not show in logs the messages coming in from remote machines. Of course, I have the required directives $ModLoad imudp and $UDPServerRun 514 in the config file, I have also put a catch-all rule *.* /var/log/alllog on top of all the rules to not miss any message. However, both in the alllog file and in the other /var/log/* files there are only messages generated by the local host.
Netstat shows that rsyslogd is listening on UDP port 514. Tcpdump shows that messages from other machines are coming in at UDP port 514. But rsyslogd even started in debug mode ("-d" switch) does not show any trace of these messages (however, it informs precisely about any of the local host generated messages).
What's more interesting, when I tried to send a test message from another computer to rsyslog using a method I found on some forum:
echo "test message" | nc -w0 -u 192.168.2.5 514
(where 192.168.2.5 is the address of the problematic rsyslogd machine), this message *is* logged by rsyslogd in the alllog file.
How to solve this???
- 02-15-2014 #2
- Join Date
- Apr 2009
- I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
Show the contents of your rsyslog configuration file in /etc/rsyslog.conf.Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!