On 1/6/2012 1:05 AM, YunQiang Su wrote: > I have an rsyslog server which is running Debian Stable, > and its version of rsyslog is 4.6.4-2. > > All of my Debian Stable server can send log to it now. > and run both > nc $IP $PORT<<< "HELLO" > and > echo "HELLO" | nc $IP $PORT > on client, I can get log on the server. > > While for my CentOS 5.7 server, > nc $IP $PORT<<< "HELLO" > works well, but > echo "HELLO" | nc $IP $PORT > can not work. > tcpdump shows that it can get both of the 2 "HELLO" > from server. > > And I can not get log both by log file or tcpdump. > > *.* @@IP:PORT Compare the output of this command on both servers (run as root): netstat -npl | grep rsyslog Keep in mind that, rsyslog can listen for either UDP or TCP packets (or both) and by default a "nc" command will do tcp only. The relevant portions of the rsyslog.conf file: # Provides UDP syslog reception #$ModLoad imudp.so #$UDPServerRun 514 # Provides TCP syslog reception #$ModLoad imtcp.so #$InputTCPServerRun 514 -- Corey Henderson http://cormander.com/