[rsyslog-notify] Forum Thread: Re: CentOS 7 and network logging - (Mode 'edit_last_post')

noreply at adiscon.com noreply at adiscon.com
Tue Nov 3 08:20:52 CET 2015 

User: IB64 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26092#p26092

Message: 
----------
I try to clear my question
Events sequence:
1. Centos started
2. Rsyslog started
3. Network manager started, failed
4. Network manager started, success
5. Rsyslog write to log file "UDP message from disallowed sender
discarded", instead of registering messages
6. Manual restart rsyslog without any changes in configs or environment -
rsyslog begin normal registering

Rsyslog version:
[code:1w62qb3i][root at mon2]# rsyslogd -v
rsyslogd 7.4.7, compiled with:
        FEATURE_REGEXP:                         Yes
        FEATURE_LARGEFILE:                      No
        GSSAPI Kerberos 5 support:              Yes
        FEATURE_DEBUG (debug build, slow code): No
        32bit Atomic operations supported:      Yes
        64bit Atomic operations supported:      Yes
        Runtime Instrumentation (slow code):    No
        uuid support:                           Yes

See http://www.rsyslog.com for more information.
[/code:1w62qb3i]
Rsyslog config (comment lines deleted):

[code:1w62qb3i][root at mon2]# cat /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging (e.g.
via logger command)
$ModLoad imjournal # provides access to the systemd journal

$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

$AllowedSender UDP, 192.168.99.0/24,
192.168.50.0/24, 192.168.1.0/24,
192.168.100.0/24, 10.10.40.0/21,
127.0.0.1
$AllowedSender TCP, 192.168.99.0/24,
192.168.50.0/24, 192.168.1.0/24,
192.168.100.0/24, 10.10.40.0/21,
127.0.0.1

:fromhost-ip, isequal, "192.168.99.1"
/var/log/I_GS728TS.log
&~
:fromhost-ip, isequal, "10.10.40.2" 
/var/log/I_Cisco-2960-3-48.log
&~

$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state

*.info;mail.none;authpriv.none;cron.none               
/var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                 
-/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                
:omusrmsg:*
uucp,news.crit                                         
/var/log/spooler
local7.*                                               
/var/log/boot.log

[root at mon2]#
[/code:1w62qb3i]

More information about the rsyslog-notify mailing list