Hey, I have two questions.
I have setup a rsyslog using relp. If the client is in the same network than the server, we send the logs using relp with plain text. If it is in a different network then the traffic is encrypted using stunnel. Our rsyslog server is in the cloud (amazon). I have defined a security group with protocol TCP and its port. It is working. However, I have two questions: *Q1*. If the firewall blocks the tcp connection then the messages are lost. I though they will be queued until it is unblocked but no. Is this the normal behaviour? Here I paste a piece of my client config file: $WorkDirectory /mnt/rsyslog # default location for work (spool) files $ActionQueueType LinkedList # use asynchronous processing $ActionQueueFileName srvrfwd # set file name, also enables disk mode $ActionResumeRetryCount -1 # infinite retries on insert failure $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down $template lala,"<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %msg%\n" *.* :omrelp:myrsyslog-server.tarari.com:20500;lala and the Amazon rule: Allow: - protocol:*TCP* port:*20500* group:*syslog* *Q2*. This is an academic question :-). The rule in the firewall uses TCP:port. However, we are using RELP. Is relp basically an improved TCP? Thanks a log, Xavi _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
