Hi all,
Does anybody know how I can bind rsyslogd to a specific IP address? I have two different interfaces on a CentOS 5.5 host and I need to bind rsyslog to only one.
Thanks.
On Tue, Dec 14, 2010 at 8:22 AM, carlopmart <carlopmart@gmail.com> wrote:
> Hi all,
> Does anybody know how I can bind rsyslogd to a specific IP address? I have two different interfaces on a CentOS 5.5 host and I need to bind rsyslog to only one.
Hi CL,
I looked here: http://wiki.rsyslog.com/index.php/Very_simple_config_--_starting_point_for_modifications and read this:
-=-=-=-=-=-=-=-=-
# -- Loading modules
$ModLoad immark
$ModLoad imudp
$ModLoad imtcp
$ModLoad imuxsock
$ModLoad imklog
# I also wanted to be able to receive syslog traffic
$UDPServerAddress 0.0.0.0
$UDPServerRun 514
-=-=-=-=-=-=-=-=-
Over here http://www.rsyslog.com/doc/v3compatibility.html: I read this:
-=-=-=-=-=-=-=-=-
The following example configures an UDP syslog server at the local address 192.0.2.1 on port 514:
$ModLoad imudp
$UDPServerAddress 192.0.2.1 # this MUST be before the $UDPServerRun directive!
$UDPServerRun 514
"$UDPServerAddress *" means listen on all local interfaces. This is the default if no directive is specified.
Please note that now multiple listeners are supported. For example, you can do the following:
$ModLoad imudp
$UDPServerAddress 192.0.2.1 # this MUST be before the $UDPServerRun directive!
$UDPServerRun 514
$UDPServerAddress * # all local interfaces
$UDPServerRun 1514
These config file settings run two listeners: one at 192.0.2.1:514 and one on port 1514, which listens on all local interfaces.
-=-=-=-=-=-=-=-=-
HTH, -Bob
On 12/14/2010 02:41 PM, Bob Beers wrote:
> On Tue, Dec 14, 2010 at 8:22 AM, carlopmart <carlopmart@gmail.com> wrote:
> > Hi all,
> > Does anybody know how I can bind rsyslogd to a specific IP address? I have two different interfaces on a CentOS 5.5 host and I need to bind rsyslog to only one.
> Hi CL,
> I looked here: http://wiki.rsyslog.com/index.php/Very_simple_config_--_starting_point_for_modifications and read this:
> -=-=-=-=-=-=-=-=-
> # -- Loading modules
> $ModLoad immark
> $ModLoad imudp
> $ModLoad imtcp
> $ModLoad imuxsock
> $ModLoad imklog
> # I also wanted to be able to receive syslog traffic
> $UDPServerAddress 0.0.0.0
> $UDPServerRun 514
> -=-=-=-=-=-=-=-=-
> Over here http://www.rsyslog.com/doc/v3compatibility.html: I read this:
> -=-=-=-=-=-=-=-=-
> The following example configures an UDP syslog server at the local address 192.0.2.1 on port 514:
> $ModLoad imudp
> $UDPServerAddress 192.0.2.1 # this MUST be before the $UDPServerRun directive!
> $UDPServerRun 514
> "$UDPServerAddress *" means listen on all local interfaces. This is the default if no directive is specified.
> Please note that now multiple listeners are supported. For example, you can do the following:
> $ModLoad imudp
> $UDPServerAddress 192.0.2.1 # this MUST be before the $UDPServerRun directive!
> $UDPServerRun 514
> $UDPServerAddress * # all local interfaces
> $UDPServerRun 1514
> These config file settings run two listeners: one at 192.0.2.1:514 and one on port 1514, which listens on all local interfaces.
> -=-=-=-=-=-=-=-=-
> HTH, -Bob
Oops sorry. I prefer to bind via tcp port, if it is possible... is it?
Thanks.
On 12/14/2010 04:01 PM, James Pearson wrote:
> carlopmart wrote:
> > Oops sorry. I prefer to bind via tcp port, if it is possible... is it?
> The rsyslog.conf man page describes what you need to do.
Where?? I have read it and I didn't find anything about this ...
On Tue, Dec 14, 2010 at 9:16 AM, carlopmart <carlopmart@gmail.com> wrote:
> Oops sorry. I prefer to bind via tcp port, if it is possible... is it?
I guess so ... you couldn't reach the links I provided? Try in rsyslog.conf:
$ModLoad imtcp
$TCPServerAddress 192.0.2.1
$InputTCPServerRun 514
-Bob
On 12/14/2010 04:01 PM, Bob Beers wrote:
> On Tue, Dec 14, 2010 at 9:16 AM, carlopmart <carlopmart@gmail.com> wrote:
> > Oops sorry. I prefer to bind via tcp port, if it is possible... is it?
> I guess so ... you couldn't reach the links I provided? Try in rsyslog.conf:
> $ModLoad imtcp
> $TCPServerAddress 192.0.2.1
> $InputTCPServerRun 514
Yes, I have tried, and it doesn't work:
#### MODULES ####
#$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
#$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerAddress 172.25.50.26
#$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp.so
$TCPServerAddress 172.25.50.26
$InputTCPServerRun 514
and netstat output:
[root@loghost librelp-0.1.1]# netstat -anp |grep rsyslog
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 4446/rsyslogd
unix 3 [ ] DGRAM 543447 1001/rsyslogd /dev/log
On Tue, Dec 14, 2010 at 10:23 AM, carlopmart <carlopmart@gmail.com> wrote:
> On 12/14/2010 04:01 PM, Bob Beers wrote:
> > On Tue, Dec 14, 2010 at 9:16 AM, carlopmart <carlopmart@gmail.com> wrote:
> > > Oops sorry. I prefer to bind via tcp port, if it is possible... is it?
> > I guess so ... you couldn't reach the links I provided? Try in rsyslog.conf:
> > $ModLoad imtcp
> > $TCPServerAddress 192.0.2.1
> > $InputTCPServerRun 514
> Yes, I have tried, and it doesn't work:
> #### MODULES ####
> #$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
> #$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
> #$ModLoad immark.so # provides --MARK-- message capability
> # Provides UDP syslog reception
> #$ModLoad imudp.so
> #$UDPServerAddress 172.25.50.26
> #$UDPServerRun 514
> # Provides TCP syslog reception
> $ModLoad imtcp.so
> $TCPServerAddress 172.25.50.26
> $InputTCPServerRun 514
> and netstat output:
> [root@loghost librelp-0.1.1]# netstat -anp |grep rsyslog
> tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 4446/rsyslogd
> unix 3 [ ] DGRAM 543447 1001/rsyslogd /dev/log
Are you sure you did a 'service rsyslogd restart' after changing rsyslog.conf?
Again looking at this site: http://www.rsyslog.com/doc/manual.html, specifically http://www.rsyslog.com/doc/troubleshoot.html, gives these three hints on troubleshooting:
1) - Configuration Problems
Rsyslog 3.21.1 and above has been enhanced to support extended configuration checking. It offers a special command line switch (-N1) that puts it into "config verification mode". In that mode, it interprets and checks the configuration file, but does not startup. This mode can be used in parallel to a running instance of rsyslogd.
To enable it, run rsyslog interactively as follows:
/path/to/rsyslogd -f/path/to/config-file -N1
You should also specify other options you usually give (like -c3 and whatever else). Any problems experienced are reported to stderr [aka "your screen" (if not redirected)].
2) - Debug Log
In general, it is advisable to run rsyslogd in the foreground to obtain the log. To do so, make sure you know which options are usually used when you start rsyslogd as a background daemon. Let's assume "-c3" is the only option used. Then, do the following:
* make sure rsyslogd as a daemon is stopped (verify with ps -ef|grep rsyslogd)
* make sure you have a console session with root permissions
* run rsyslogd interactively: /sbin/rsyslogd ..your options.. -dn > logfile where "your options" is what you usually use. /sbin/rsyslogd is the full path to the rsyslogd binary (location different depending on distro). In our case, the command would be /sbin/rsyslogd -c3 -dn > logfile
* press ctrl-C when you have sufficient data (e.g. a device logged a record) NOTE: rsyslogd will NOT stop automatically - you need to ctrl-c out of it!
* Once you have done all that, you can review logfile. It contains the debug output.
* When you are done, make sure you re-enable (and start) the background daemon!
3) - http://www.rsyslog.com/doc/debug.html
HTH, -Bob
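
The netstat check done by eye earlier in this thread can be scripted. The following is an added example, not posted by anyone on the list: it reads `netstat -anp` text and reports whether each rsyslogd listener on a given port is bound to the intended address or to a wildcard. The function name `audit_listeners` and the sample lines are constructed here, modelled on the netstat output quoted above.

```shell
#!/bin/sh
# Added example: classify rsyslogd inet listeners found in `netstat -anp` text.
# Prints one verdict line per listener. Exit status of audit_listeners:
#   0 = every listener on PORT is bound to EXPECTED_IP
#   1 = at least one listener is on a wildcard or an unexpected address
#   2 = no rsyslogd inet listener on PORT was found
audit_listeners() {   # usage: audit_listeners EXPECTED_IP PORT < netstat-output
    awk -v want="$1" -v port="$2" '
        # Inet rows only: proto tcp/udp (or tcp6/udp6), owner column ends in /rsyslogd.
        $1 ~ /^(tcp|udp)6?$/ && $NF ~ /\/rsyslogd$/ {
            # UDP rows carry no State column; TCP rows must be in LISTEN.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            laddr = $4
            n = split(laddr, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            seen++
            if (addr == want) verdict = "OK"
            else if (addr == "0.0.0.0" || addr == "::") { verdict = "WILDCARD"; bad++ }
            else { verdict = "UNEXPECTED"; bad++ }
            printf "%s %s %s\n", verdict, $1, laddr
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the state reported in the thread (listener on all interfaces).
sample_wildcard='tcp   0   0 0.0.0.0:514        0.0.0.0:*   LISTEN   4446/rsyslogd
unix  3   [ ]   DGRAM   543447 1001/rsyslogd   /dev/log'

# Constructed sample: the intended state (listener on one interface only).
sample_bound='tcp   0   0 172.25.50.26:514   0.0.0.0:*   LISTEN   4446/rsyslogd'

printf '%s\n' "$sample_wildcard" | audit_listeners 172.25.50.26 514 || echo "status=$?"
printf '%s\n' "$sample_bound"    | audit_listeners 172.25.50.26 514 && echo "status=0"
```

On a live host the input would be `netstat -anp` run as root, since the PID/program column is only filled in for processes the caller may inspect.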