> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Xavier Fustero
> Sent: Friday, July 20, 2012 10:51 AM
> To: rsyslog-users
> Subject: [rsyslog] Messages lost and AWS Security Group
>
> Hey,
>
> I have two questions.
>
> I have set up a rsyslog using relp. If the client is in the same network
> as the server, we send the logs using relp with plain text. If it is in a
> different network then the traffic is encrypted using stunnel. Our rsyslog
> server is in the cloud (amazon). I have defined a security group with
> protocol TCP and its port. It is working. However, I have two questions:
>
> *Q1*. If the firewall blocks the tcp connection then the messages are lost.
> I thought they will be queued until it is unblocked but no. Is this the
> normal behaviour? Here I paste a piece of my client config file:
>
> $WorkDirectory /mnt/rsyslog # default location for work (spool) files
>
> $ActionQueueType LinkedList # use asynchronous processing
> $ActionQueueFileName srvrfwd # set file name, also enables disk mode
> $ActionResumeRetryCount -1 # infinite retries on insert failure
> $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
>
> $template lala,"<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME%
> %syslogtag%
> %msg%\n"
> *.* :omrelp:myrsyslog-server.tarari.com:20500;lala

Is this the exact snippet without any other statements in between? Then it should work as you expect.

>
> and the Amazon rule: Allow: - protocol:*TCP* port:*20500* group:*syslog*
>
>
> *Q2*. This is an academic question :-). The rule in the firewall uses
> TCP:port. However, we are using RELP. Is relp basically an improved TCP?

RELP (like http or SMTP) works on top of TCP, so it simply is higher up in the stack, so it *is* TCP.

Rainer

>
> Thanks a log,
> Xavi
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
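
The check behind the question about statements "in between", as an added example that is not part of the original thread: in legacy-format rsyslog configuration, `$Action...` directives apply only to the next action line and are then reset, so a forwarding action can silently lose its disk queue. The function names and the extra `/var/log/messages` action are constructed for illustration.

```python
import re

# Legacy-format $Action... directives configure only the NEXT action line.
DIRECTIVE = re.compile(r'^\$(Action\w+)\s+(\S+)')
# Legacy action line: "facility.priority" selector, whitespace, target.
ACTION = re.compile(r'^([\w*,;=!-]+\.[\w*,;=!.-]+)\s+(\S.*)$')

def bind_directives(config_text):
    """Return [(selector, target, {directive: value})] in file order."""
    pending, actions = {}, []
    for raw in config_text.splitlines():
        line = raw.split(' #', 1)[0].strip()   # drop trailing comments
        d = DIRECTIVE.match(line)
        if d:
            pending[d.group(1).lower()] = d.group(2)
            continue
        a = ACTION.match(line)
        if a:
            actions.append((a.group(1), a.group(2), pending))
            pending = {}   # settings are consumed by this action
    return actions

def unprotected_forwards(config_text):
    """Remote actions lacking a disk-assisted queue with infinite retry."""
    risky = []
    for _selector, target, opts in bind_directives(config_text):
        remote = target.startswith((':omrelp:', '@'))
        spooled = 'actionqueuefilename' in opts
        retries = opts.get('actionresumeretrycount') == '-1'
        if remote and not (spooled and retries):
            risky.append(target)
    return risky

# Queue settings and forward line as posted in the thread.
QUEUE = """\
$WorkDirectory /mnt/rsyslog
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
"""
FORWARD = "*.* :omrelp:myrsyslog-server.tarari.com:20500;lala\n"
GOOD = QUEUE + FORWARD
# Constructed failure case: a local action sits between queue and forward.
BAD = QUEUE + "*.* /var/log/messages\n" + FORWARD

if __name__ == "__main__":
    print("as posted:", unprotected_forwards(GOOD))
    print("with statement in between:", unprotected_forwards(BAD))
```
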

