[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Logging from remote sources

Gene Heskett wrote:

> I want to set up rsyslog on this machine to be a receiver, and log to a 
> separate file, the data it should be capturing on port 514.  Right now, it 
> looks like a pretty good imitation of /dev/null. :)
> I have the manpages and docs installed for rsyslog, and they seem to contain 
> nice examples of sending the logs someplace else, but nothing on the reverse, 
> where it is to log from another source.

Well, I just had a look at the man pages and conf files and found this:

# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514

which appears to be what you have to uncomment to receive messages.
Do you want to receive TCP or UDP?
Try to understand if data is coming to your machine with

tcpdump -i eth0 -n -n

and do not forget to make a hole in the firewall to avoid
discarding these packets.

   Roberto Ragusa    mail at robertoragusa.it

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]