On 1/6/2012 1:05 AM, YunQiang Su wrote:
I have an rsyslog server which is running Debian Stable, and its version of rsyslog is 4.6.4-2.
All of my Debian Stable server can send log to it now. and run both nc $IP $PORT<<< "HELLO" and echo "HELLO" | nc $IP $PORT on client, I can get log on the server.
While for my CentOS 5.7 server, nc $IP $PORT<<< "HELLO" works well, but echo "HELLO" | nc $IP $PORT can not work. tcpdump shows that it can get both of the 2 "HELLO" from server.
And I can not get log both by log file or tcpdump.
*.* @@IP:PORT
Compare the output of this command on both servers (run as root):
netstat -npl | grep rsyslog
Keep in mind that, rsyslog can listen for either UDP or TCP packets (or both) and by default a "nc" command will do tcp only.
The relevant portions of the rsyslog.conf file:
# Provides UDP syslog reception #$ModLoad imudp.so #$UDPServerRun 514
# Provides TCP syslog reception #$ModLoad imtcp.so #$InputTCPServerRun 514