[rsyslog-notify] Forum Thread: Not Able to log remote/Local TCP messages with Rsyslog - (Mode 'post')
noreply at adiscon.com
Thu Jun 16 07:20:12 CEST 2016
User: Kunal
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26609#p26609
Message:
----------
Hi All,
We have been struggling to see our first TCP log messages with Rsyslog
(7.4.7) and RHEL 7.
We have run a separate rsyslogd with a different pid and conf file (not a
service).
UDP is working fine.
We have gone through a few forums and tried the things below.
Tried TCP with ports 601, 1025, 10441, etc.
Added
PrivDropToUser adm
PrivDropToGroup adm
to conf file.
We are using the logger client:
logger --tcp -n <destination-ip> message
We can see the tcp packet on the destination machine with tcpdump on
specific port.
But it seems that rsyslog is not working.
Machine: RHEL 7 and SELinux is disabled.
Below is the extract of our conf file:
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPMaxSessions 500
#$InputTCPServerRun 10441
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="11514")
#$AllowedSender TCP,<dest-ip>
#$PrivDropToUser adm
#$PrivDropToGroup adm
# Where to place auxiliary files
$WorkDirectory /var/opt/rsyslog
# Use default timestamp format
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#### RULES ####
*.* /var/opt/rsyslog/kunal.log
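
Added example (not part of the original post, and not rsyslog's own tooling): a small checker that reads a conf like the extract above and reports which imtcp listener ports are active and which are only present in commented-out lines. The function names and the embedded sample are constructed for illustration, and it assumes one statement per line.

```python
import re

# Constructed sample: the listener-related lines from the conf extract in the post.
SAMPLE_CONF = """\
#$ModLoad imtcp
#$InputTCPMaxSessions 500
#$InputTCPServerRun 10441
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="11514")
#$AllowedSender TCP,<dest-ip>
$WorkDirectory /var/opt/rsyslog
*.* /var/opt/rsyslog/kunal.log
"""

PARAM_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
LEGACY_RE = re.compile(r'\$InputTCPServerRun\s+(\d+)', re.I)
MODULE_RE = re.compile(r'module\s*\(\s*load\s*=\s*"imtcp"|\$ModLoad\s+imtcp\b', re.I)


def tcp_listeners(conf_text):
    """Return (imtcp_loaded, active_ports, commented_ports); one statement per line."""
    loaded, active, commented = False, [], []
    for raw in conf_text.splitlines():
        stripped = raw.strip()
        disabled = stripped.startswith("#")
        # Drop the leading comment marker, then any trailing "# ..." comment.
        stmt = stripped.lstrip("#").split("#", 1)[0].strip()
        port = None
        if re.match(r'input\s*\(', stmt, re.I):
            # RainerScript form: input(type="imtcp" port="...")
            params = {k.lower(): v for k, v in PARAM_RE.findall(stmt)}
            if params.get("type", "").lower() == "imtcp":
                port = params.get("port")
        elif LEGACY_RE.match(stmt):
            # Legacy form: $InputTCPServerRun <port>
            port = LEGACY_RE.match(stmt).group(1)
        if port and port.isdigit():
            (commented if disabled else active).append(int(port))
        elif MODULE_RE.match(stmt) and not disabled:
            loaded = True
    return loaded, active, commented


def listens_on(conf_text, port):
    """True only if imtcp is loaded and an uncommented listener uses `port`."""
    loaded, active, _ = tcp_listeners(conf_text)
    return loaded and port in active
```

The port a sender uses (for logger, the -P option) has to be one of the active ports reported here, and the port given to tcpdump should be the same one.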