On Tue, Dec 14, 2010 at 10:23 AM, carlopmart carlopmart@gmail.com wrote:
On 12/14/2010 04:01 PM, Bob Beers wrote:
On Tue, Dec 14, 2010 at 9:16 AM, carlopmartcarlopmart@gmail.com wrote:
Oops sorry. I prefer to bind via tcp port, if it is possible... is it?
I guess so ... you couldn't reach the links I provided? Try in rsyslog.conf:
$ModLoad imtcp $TCPServerAddress 192.0.2.1 $InputTCPServerRun 514
Yes, I have tried, and doesn't works:
#### MODULES ####
#$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) #$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) #$ModLoad immark.so # provides --MARK-- message capability
# Provides UDP syslog reception #$ModLoad imudp.so #$UDPServerAddress 172.25.50.26 #$UDPServerRun 514
# Provides TCP syslog reception $ModLoad imtcp.so $TCPServerAddress 172.25.50.26 $InputTCPServerRun 514
and netstat output:
[root@loghost librelp-0.1.1]# netstat -anp |grep rsyslog tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 4446/rsyslogd unix 3 [ ] DGRAM 543447 1001/rsyslogd /dev/log
Are you sure you did a 'service rsyslogd restart' after changing rsyslog.conf?
Again looking at this site: http://www.rsyslog.com/doc/manual.html, specifically http://www.rsyslog.com/doc/troubleshoot.html, give these three hints on troubleshooting:
1) - Configuration Problems
Rsyslog 3.21.1 and above has been enhanced to support extended configuration checking. It offers a special command line switch (-N1) that puts it into "config verfication mode". In that mode, it interprets and check the configuration file, but does not startup. This mode can be used in parallel to a running instance of rsyslogd.
To enable it, run rsyslog interactively as follows:
/path/to/rsyslogd -f/path/to/config-file -N1
You should also specify other options you usually give (like -c3 and whatever else). Any problems experienced are reported to stderr [aka "your screen" (if not redirected)].
2) - Debug Log
In general, it is advisable to run rsyslogd in the foreground to obtain the log. To do so, make sure you know which options are usually used when you start rsyslogd as a background daemon. Let's assume "-c3" is the only option used. Then, do the following:
* make sure rsyslogd as a daemon is stopped (verify with ps -ef|grep rsyslogd) * make sure you have a console session with root permissions * run rsyslogd interactively: /sbin/rsyslogd ..your options.. -dn > logfile where "your options" is what you usually use. /sbin/rsyslogd is the full path to the rsyslogd binary (location different depending on distro). In our case, the command would be /sbin/rsyslogd -c3 -dn > logfile * press ctrl-C when you have sufficient data (e.g. a device logged a record) NOTE: rsyslogd will NOT stop automatically - you need to ctrl-c out of it! * Once you have done all that, you can review logfile. It contains the debug output. * When you are done, make sure you re-enable (and start) the background daemon!
3) - http://www.rsyslog.com/doc/debug.html
HTH, -Bob