[rsyslog-notify] Forum Thread: Re: rSyslog not forwarding - (Mode 'reply')
noreply at adiscon.com
Sun Jan 11 15:07:15 CET 2015
User: TommyGun
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25172#p25172
Message:
----------
Well, rather embarrassing, but the 2 servers were not in the same subnet and
somehow routing is not in place (I guess). Which is strange because ping
and nmap worked, but it triggered me when telnet gave a timeout.
So, it's fixed! :)

CLIENT

snort:
    output alert_syslog: LOG_LOCAL5 LOG_ALERT

rsyslog:
    local5.* @192.168.32.27:514
    local5.* /var/log/snort.log
    ##*.*;auth,authpriv.none -/var/log/syslog
    *.*;local5.none;auth,authpriv.none -/var/log/syslog

SERVER

rsyslog:
    $ModLoad imudp
    $UDPServerAddress <IP FROM ETH1>
    $UDPServerRun 514
    local5.* /var/log/snort.log
    ##*.*;auth,authpriv.none -/var/log/syslog
    *.*;local5.none;auth,authpriv.none -/var/log/syslog

Et voila :)
Didn't know about the $UDPServerAddress option but that's the only trick I
found to make sure rsyslog runs on the second interface which I added to
the same vlan as the client.
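
An end-to-end check of the UDP path the configuration above relies on, as an added example that is not part of the original post: it builds a local5.alert datagram (the facility and severity snort is set to emit), sends it to a listener bound to a single address the way $UDPServerAddress binds imudp, and confirms what arrived. The loopback address and ephemeral port are constructed stand-ins for the server's ETH1 address and port 514, and all function names are hypothetical.

```python
import re
import socket

FACILITY_LOCAL5 = 21   # syslog facility code for local5
SEVERITY_ALERT = 1     # syslog severity code for alert

def build_message(facility, severity, tag, text, host="client"):
    """Build a minimal RFC 3164 style datagram: <PRI>TIMESTAMP HOST TAG: text."""
    pri = facility * 8 + severity
    # Timestamp and host are constructed sample values.
    return f"<{pri}>Jan 11 15:07:15 {host} {tag}: {text}".encode()

def parse_pri(datagram):
    """Return (facility, severity) from the <PRI> header, or None if invalid."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)

def open_listener(address, port=0):
    """Bind a UDP socket to one address only (port 0 = ephemeral, for testing)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((address, port))
    sock.settimeout(2.0)
    return sock

def probe(listener, target, message):
    """Send one datagram to target and return what the listener received."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(message, target)
    try:
        data, _ = listener.recvfrom(2048)
    except socket.timeout:
        return None  # UDP reports no error on loss; a timeout is the only signal
    return data

def roundtrip_local5(address="127.0.0.1"):
    """Constructed loopback run: True if a local5.alert datagram arrives intact."""
    listener = open_listener(address)
    try:
        msg = build_message(FACILITY_LOCAL5, SEVERITY_ALERT, "snort",
                            "constructed test alert")
        data = probe(listener, listener.getsockname(), msg)
    finally:
        listener.close()
    return data is not None and parse_pri(data) == (FACILITY_LOCAL5, SEVERITY_ALERT)

if __name__ == "__main__":
    print("local5.alert received:", roundtrip_local5())
```
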