[rsyslog-notify] Forum Thread: Re: Forwarding select hosts to remote host for analysis - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Tue Jul 26 17:58:50 CEST 2016


User: dlang 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26828#p26828

Message: 
----------
Just to be sure that something else isn't stopping processing of the log
message before you get down there, add a line to write to a file just
before the queue config statements for the arcsight forwarding. If the
message is getting there, but not to arcsight, then we know the problem is
in the communication.

When you were checking tcpdump, did you check while rsyslog was starting
up? If rsyslog is not able to connect (firewall blocking it or similar) you
would only see the attempt at startup and then at larger intervals later.
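
The check suggested in the message above, sketched as an rsyslog configuration fragment. This is an added example, not part of the forum post or the original poster's configuration; the host names, the ArcSight target and port, the queue file name and the debug file path are all assumed placeholders.

```conf
# Added example: constructed rsyslog (RainerScript) fragment.
# Host names, target, port and file paths are placeholders, not
# values from the thread.

if $hostname == "web01" or $hostname == "web02" then {

    # Temporary diagnostic: write every message that reaches this point
    # to a local file, directly before the forwarding action. If the
    # selected hosts' messages show up here but not in ArcSight, the
    # filter and earlier rules are fine and the problem is on the
    # network side. Remove this action once the test is done.
    action(type="omfile" file="/var/log/arcsight-debug.log")

    # Forwarding action with its own queue, so a slow or unreachable
    # receiver does not block the rest of the rule set.
    action(type="omfwd"
           target="arcsight.example.com"
           port="514"
           protocol="tcp"
           queue.type="LinkedList"
           queue.filename="arcsight_fwd"
           queue.saveOnShutdown="on"
           # Keep retrying indefinitely when the connection fails.
           action.resumeRetryCount="-1"
           # Seconds between reconnect attempts while the action is
           # suspended. With a blocked connection, tcpdump shows a
           # connect attempt at startup and then only at retry time,
           # so capture across an rsyslog restart.
           action.resumeInterval="30")
}
```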
