  1. #1
    Just Joined!
    Join Date
    Feb 2014
    Posts
    1

    Strange problem with rsyslog


    I have a strange problem with rsyslog. I have experienced it on three different machines with different OSes (Fedora, CentOS, Ubuntu) and different rsyslog versions, and have googled for a solution to no avail. I have no idea what might be going on; maybe someone can help?

    The problem is that rsyslogd does not show the messages coming in from remote machines in the logs. Of course, I have the required directives $ModLoad imudp and $UDPServerRun 514 in the config file, and I have also put a catch-all rule *.* /var/log/alllog on top of all the rules so as not to miss any message. However, both in the alllog file and in the other /var/log/* files there are only messages generated by the local host.

    Netstat shows that rsyslogd is listening on UDP port 514. Tcpdump shows that messages from other machines are coming in at UDP port 514. But rsyslogd, even when started in debug mode ("-d" switch), does not show any trace of these messages (however, it informs precisely about any of the messages generated by the local host).

    What's more interesting, when I tried to send a test message from another computer to rsyslog using a method I found on some forum:

    echo "test message" | nc -w0 -u 192.168.2.5 514

    (where 192.168.2.5 is the address of the problematic rsyslogd machine), this message *is* logged by rsyslogd in the alllog file.

    How to solve this???

  2. #2
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,459
    Show the contents of your rsyslog configuration file in /etc/rsyslog.conf.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
