User: sudharshan
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25646#p25646
Message:
----------
[b:15maxngv][root at localhost ~]# egrep -v '^#|^$'
/etc/rsyslog.conf[/b:15maxngv]
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad imudp
$UDPServerRun 514
$UDPServerAddress 0.0.0.0
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/F10.log
[b:15maxngv][root at localhost ~]# vi /etc/rsyslog.d/listen.conf [/b:15maxngv]
$SystemLogSocketName /run/systemd/journal/syslog
$AllowedSender UDP, 127.0.0.1, 10.16.0.0/24
$AllowedSender TCP, 127.0.0.1, 10.16.0.0/24
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"/etc/rsyslog.d/listen.conf" 3L, 137C
When i try to put log to UDP port 514 from 10.16.212.35, i see an error
that "Host Administratively Prohibited" ICMP message.