Logging from remote sources

Roberto Ragusa mail at robertoragusa.it
Mon Mar 2 21:58:20 UTC 2009


Gene Heskett wrote:

> I want to set up rsyslog on this machine to be a receiver, and log to a 
> separate file, the data it should be capturing on port 514.  Right now, it 
> looks like a pretty good imitation of /dev/null. :)
> 
> I have the manpages and docs installed for rsyslog, and they seem to contain 
> nice examples of sending the logs someplace else, but nothing on the reverse, 
> where it is to log from another source.

Well, I just had a look at the man pages and conf files and found this:

# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514

which appears to be what you have to uncomment to receive messages.
Do you want to receive TCP or UDP?
Try to understand if data is coming to your machine with

tcpdump -i eth0 -n -n

and do not forget to make a hole in the firewall to avoid
discarding these packets.



-- 
   Roberto Ragusa    mail at robertoragusa.it
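
The receiver setup discussed in this thread, as an added example that is not part of the original message or of the stock Fedora rsyslog.conf: it enables UDP reception on port 514 and writes messages from other hosts to a separate file per sender. The subnet 192.0.2.0/24, the directory /var/log/remote and the template name RemoteHostFile are assumptions chosen for illustration.

```conf
# /etc/rsyslog.conf fragment (legacy directive syntax, as in the lines
# quoted in the message above). Place it before the default rules so the
# discard at the end takes effect first.

# Provides UDP syslog reception (the two stock lines, uncommented)
$ModLoad imudp.so
$UDPServerRun 514

# Accept UDP syslog only from the local host and from the senders' subnet.
# ASSUMPTION: 192.0.2.0/24 is a placeholder; replace it with the network
# the sending machines actually live on.
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24

# One file per sending host. ASSUMPTION: /var/log/remote is a constructed
# path. The name is built from fromhost-ip, which rsyslog takes from the
# source address of the packet, not from text inside the message.
$template RemoteHostFile,"/var/log/remote/%fromhost-ip%.log"

# Anything that did not originate on this machine goes to its sender's
# file ...
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteHostFile
# ... and is then discarded, so remote messages do not also end up in
# /var/log/messages through the default rules further down.
& ~
```

Restart rsyslog after the change; the firewall rule for port 514 can be limited to the same sender subnet.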



