[rsyslog-notify] Forum Thread: Rsyslog not receiving messages from remote machines - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Fri Feb 14 10:46:13 CET 2014
User: raj
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24231#p24231
Message:
----------
I have a strange problem with rsyslog. I have experienced it on three
different machines with different OSes (Fedora, CentOS, Ubuntu) and
different rsyslog versions, have googled for solution to no avail. I
have no idea what might be going on, maybe someone can help?
The problem is, rsyslogd does not show in logs the messages coming in
from remote machines. Of course, I have the required directives $ModLoad
imudp and $UDPServerRun 514 in the config file, I have also put a
catch-all rule *.* /var/log/alllog on top of all the rules to not miss
any message. However, both in the alllog file and in the
other /var/log/* files there are only messages generated by the local
host.
Netstat shows that rsyslogd is listening on UDP port 514. Tcpdump shows
that messages from other machines are coming in at UDP port 514. But
rsyslogd even started in debug mode ("-d" switch) does not show any
trace of these messages (however, it informs precisely about any of the
local host generated messages).
What's more interesting, when I tried to send a test message from
another computer to rsyslog using a method I found on some forum:
echo "test message" | nc -w0 -u 192.168.2.5 514
(where 192.168.2.5 is the address of the problematic rsyslogd machine),
this message *is* logged by rsyslogd in the alllog file.
How to solve this???
More information about the rsyslog-notify
mailing list