[CentOS] rsyslog server cannot get the logs

Fri Jan 6 08:29:21 UTC 2012
YunQiang Su <wzssyqa at gmail.com>

Debian Log server   <------ Debian Web Server
        ^
        |
        |_____X_________ CentOS Web Server

My network is like this.

On Fri, Jan 6, 2012 at 4:18 PM, Corey Henderson <corman at cormander.com>wrote:

> On 1/6/2012 1:05 AM, YunQiang Su wrote:
> > I have an rsyslog server which is running Debian Stable,
> > and its version of rsyslog is 4.6.4-2.
> >
> > All of my Debian Stable server can send log to it now.
> > and run both
> > nc $IP $PORT<<<  "HELLO"
> > and
> > echo "HELLO" | nc $IP $PORT
> > on client, I can get log on the server.
> >
> > While for my CentOS 5.7 server,
> > nc $IP $PORT<<<  "HELLO"
> > works well, but
> > echo "HELLO" | nc $IP $PORT
> > can not work.
> > tcpdump shows that it can get both of the 2 "HELLO"
> > from server.
> >
> > And I can not get log both by log file or tcpdump.
> >
> > *.* @@IP:PORT
>
> Compare the output of this command on both servers (run as root):
>
> netstat -npl | grep rsyslog
>
tcp        0      0 0.0.0.0:10000           0.0.0.0:*
LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10001           0.0.0.0:*
LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10002           0.0.0.0:*
LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10003           0.0.0.0:*
LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10004           0.0.0.0:*
LISTEN      17766/rsyslogd
tcp        0      0 0.0.0.0:10005           0.0.0.0:*
LISTEN      17766/rsyslogd

The CentOS Web Server is sending to 10005.

>
> Keep in mind that, rsyslog can listen for either UDP or TCP packets (or
> both) and by default a "nc" command will do tcp only.
>
Now I use tcp only.
And all Debian Web server's log can reach Debian Log Server.

> The relevant portions of the rsyslog.conf file:
>
> # Provides UDP syslog reception
> #$ModLoad imudp.so
> #$UDPServerRun 514
>
> # Provides TCP syslog reception
> #$ModLoad imtcp.so
> #$InputTCPServerRun 514
>
>
> --
> Corey Henderson
> http://cormander.com/
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
YunQiang Su