I have an rsyslog server which is running Debian Stable, and its version of rsyslog is 4.6.4-2.
All of my Debian Stable servers can send logs to it now, and when I run both nc $IP $PORT <<< "HELLO" and echo "HELLO" | nc $IP $PORT on a client, I can get the log on the server.
For my CentOS 5.7 server, nc $IP $PORT <<< "HELLO" works well, but echo "HELLO" | nc $IP $PORT does not work. tcpdump shows that it can get both of the 2 "HELLO" from server.
And I cannot get the log either by log file or by tcpdump.
*.* @@IP:PORT
On 1/6/2012 1:05 AM, YunQiang Su wrote:
> I have an rsyslog server which is running Debian Stable, and its version of rsyslog is 4.6.4-2.
> All of my Debian Stable servers can send logs to it now, and when I run both nc $IP $PORT <<< "HELLO" and echo "HELLO" | nc $IP $PORT on a client, I can get the log on the server.
> For my CentOS 5.7 server, nc $IP $PORT <<< "HELLO" works well, but echo "HELLO" | nc $IP $PORT does not work. tcpdump shows that it can get both of the 2 "HELLO" from server.
> And I cannot get the log either by log file or by tcpdump.
> *.* @@IP:PORT
Compare the output of this command on both servers (run as root):
netstat -npl | grep rsyslog
Keep in mind that rsyslog can listen for either UDP or TCP packets (or both), and by default a "nc" command will do TCP only.
The relevant portions of the rsyslog.conf file:
# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514
Debian Log server <------ Debian Web Server
        ^
        |
        |_____X_________ CentOS Web Server
My network is like this.
On Fri, Jan 6, 2012 at 4:18 PM, Corey Henderson <corman@cormander.com> wrote:
> Compare the output of this command on both servers (run as root):
> netstat -npl | grep rsyslog
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10001           0.0.0.0:*               LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10002           0.0.0.0:*               LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10003           0.0.0.0:*               LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10004           0.0.0.0:*               LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10005           0.0.0.0:*               LISTEN      17766/rsyslogd
The CentOS Web Server is sending to 10005.
> Keep in mind that rsyslog can listen for either UDP or TCP packets (or both), and by default a "nc" command will do TCP only.
Now I use TCP only, and all the Debian Web servers' logs can reach the Debian Log Server.
> The relevant portions of the rsyslog.conf file:
> # Provides UDP syslog reception
> #$ModLoad imudp.so
> #$UDPServerRun 514
>
> # Provides TCP syslog reception
> #$ModLoad imtcp.so
> #$InputTCPServerRun 514
>
> --
> Corey Henderson
> http://cormander.com/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos