I'm having a problem configuring a central logging server with rsyslog on CentOS 6.3. It's set to accept incoming logs on UDP port 514 and TCP port 10514. Right now I have all logs, including local server logs, going to the same log file to confirm that my templates are working. SELinux is set to Permissive and I have iptables set with incoming rules for both UDP port 514 and TCP port 10514.
I have two machines currently set to send logs to the central server. One is a production server running CentOS 5.7 and using syslog (not rsyslog). The other is my desktop running Ubuntu 12.04.1 using rsyslog. The server is using UDP and my desktop is using TCP. Tcpdump shows that the logs are being sent from both machines to the central server, but from there the logs aren't being processed by rsyslog.

I've tried everything I could find in the documentation with no success. If anyone can help with this, let me know. I can send any config files you need. Here is my rsyslog.conf file from the server:

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerAddress *
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 10514

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Templates
$template TestFileLoc,"/logging/test/%$now%.log"
$template TestFileFormat,"%timestamp% %syslogfacility-text% %syslogseverity-text% %msg% \n"

#### RULES ####

# test to dump everything to template location
*.* ?TestFileLoc;TestFileFormat

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

Thanks,
John

