On Tue, Dec 14, 2010 at 10:23 AM, carlopmart <carlopmart at gmail.com> wrote: > On 12/14/2010 04:01 PM, Bob Beers wrote: >> On Tue, Dec 14, 2010 at 9:16 AM, carlopmart<carlopmart at gmail.com> wrote: >>> Oops sorry. I prefer to bind via tcp port, if it is possible... is it? >> >> I guess so ... you couldn't reach the links I provided? Try in rsyslog.conf: >> >> $ModLoad imtcp >> $TCPServerAddress 192.0.2.1 >> $InputTCPServerRun 514 >> > > Yes, I have tried, and doesn't works: > > #### MODULES #### > > #$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger > command) > #$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) > #$ModLoad immark.so # provides --MARK-- message capability > > # Provides UDP syslog reception > #$ModLoad imudp.so > #$UDPServerAddress 172.25.50.26 > #$UDPServerRun 514 > > # Provides TCP syslog reception > $ModLoad imtcp.so > $TCPServerAddress 172.25.50.26 > $InputTCPServerRun 514 > > > and netstat output: > > [root at loghost librelp-0.1.1]# netstat -anp |grep rsyslog > tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN > 4446/rsyslogd > unix 3 [ ] DGRAM 543447 1001/rsyslogd /dev/log > Are you sure you did a 'service rsyslogd restart' after changing rsyslog.conf? Again looking at this site: <http://www.rsyslog.com/doc/manual.html>, specifically <http://www.rsyslog.com/doc/troubleshoot.html>, give these three hints on troubleshooting: 1) - Configuration Problems Rsyslog 3.21.1 and above has been enhanced to support extended configuration checking. It offers a special command line switch (-N1) that puts it into "config verfication mode". In that mode, it interprets and check the configuration file, but does not startup. This mode can be used in parallel to a running instance of rsyslogd. To enable it, run rsyslog interactively as follows: /path/to/rsyslogd -f/path/to/config-file -N1 You should also specify other options you usually give (like -c3 and whatever else). Any problems experienced are reported to stderr [aka "your screen" (if not redirected)]. 2) - Debug Log In general, it is advisable to run rsyslogd in the foreground to obtain the log. To do so, make sure you know which options are usually used when you start rsyslogd as a background daemon. Let's assume "-c3" is the only option used. Then, do the following: * make sure rsyslogd as a daemon is stopped (verify with ps -ef|grep rsyslogd) * make sure you have a console session with root permissions * run rsyslogd interactively: /sbin/rsyslogd ..your options.. -dn > logfile where "your options" is what you usually use. /sbin/rsyslogd is the full path to the rsyslogd binary (location different depending on distro). In our case, the command would be /sbin/rsyslogd -c3 -dn > logfile * press ctrl-C when you have sufficient data (e.g. a device logged a record) NOTE: rsyslogd will NOT stop automatically - you need to ctrl-c out of it! * Once you have done all that, you can review logfile. It contains the debug output. * When you are done, make sure you re-enable (and start) the background daemon! 3) - <http://www.rsyslog.com/doc/debug.html> HTH, -Bob