[rsyslog] Hi - Rsyslog run in debug mode only

Rahul Bhat bhat.rahul at hotmail.com
Tue Jan 15 12:27:13 CET 2013



 Oh, yes,that's an important point: omudpspoof REQUIRES root privileges! I think it has root previlages, but I can check again, since it works well , but only during debug mode. I presume it has.  > From: rgerhards at hq.adiscon.com
> To: rsyslog at lists.adiscon.com
> Date: Tue, 15 Jan 2013 11:20:45 +0000
> Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> 
> 
> 
> > -----Original Message-----
> > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > bounces at lists.adiscon.com] On Behalf Of Radu Gheorghe
> > Sent: Tuesday, January 15, 2013 12:09 PM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > 
> > Hi Rahul,
> > 
> > I've never used UDP spoofing, so my best bet is to check out the differences
> > between debug and non-debug:
> > - when you start it with debug, do you use -n? If yes, what happens if you
> > only do rsyslog -n?
> > - do you drop privileges in your config?
> 
> Oh, yes,that's an important point: omudpspoof REQUIRES root privileges!
> Raienr
> > 
> > Best regards,
> > Radu
> > 
> > 2013/1/15 Rahul Bhat <bhat.rahul at hotmail.com>
> > 
> > >
> > >
> > >
> > >
> > >
> > > Dear Friends ,
> > > Hope you doing great !!I came across this mailing list while trying to
> > > configure the rsyslog v 7.2.4 with spoofing using -
> > > http://www.rsyslog.com/doc/omudpspoof.html. Thanks for making the
> > > information available. Unfortunately, I have a problem with the
> > > rsyslog config and have been trying to sort it out for sometime now. I
> > > have Linux rsyslog server which needs to send the logs to the central
> > > syslog server keeping the originator Ip unchanged hence I am using
> > > spooofing. Current conf parameter regarding spoofing: $ModLoad
> > > omudpspoof $template spoofaddr,"%fromhost-ip%"
> > > $template spooftemplate,"%rawmsg%"
> > > $ActionOMUDPSpoofSourceNameTemplate spoofaddr
> > > $ActionOMUDPSpoofTargetHost 10.xxx.xxx.xx
> > $ActionOMUDPSpoofTargetPort
> > > 514 $ActionOMUDPSpoofSourcePortStart 514
> > > $ActionOMUDPSpoofSourcePortEnd 514
> > > *.* :omudpspoof:;spooftemplate
> > >  My rsyslog config works well when i am running the debug mode but as
> > > soon as i go back to non-debug mode, i don't see the logs being
> > > forwarded to the syslog server.All works well in debug but i don't
> > > understand how and which entries should i change for corrective
> > > action. If you have some time , would appreciate any ideas .
> > > Thanks Rahul
> > >
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > > DON'T LIKE THAT.
> > >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL:
> > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond
> > our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
 		 	   		  


More information about the rsyslog mailing list