On Fri, 2 May 2014, Andrew Couzens wrote:
Greetings!
Question for anyone who might be familiar with rsyslog-5.8.x
The setup:
server-a listens for forwarded messages using tcp
server-b forwards messages to server-a using tcp
server-a has a template:
$template FwdMsg, "/var/log/network/%FROMHOST%.log"
and logs accordingly:
*.* ?FwdMsg
SUCCESS: Messages sent from a server-b like so, will show up in
/var/log/network/server-b on server-a:
logger -t test -p local0.notice test
FAIL: Messages sent from a server-b like so, get thrown on the floor by the
receiving rsyslogd (user.notice is the default facility.level pair):
logger -t test -p user.notice test
I've tcpdumped to see the packets clearly show up, but rsyslog discards them
since they do not show up in /var/log/network/server-b. Can anyone explain
this behaviour?
Thanks in advance for any light anyone might shed on this.
There's nothing inherent in rsyslog that would do this, you probably have some
rule (possibly in an include file) that is throwing away the log.
If you run the server in debug mode you will see exactly what it's doing with
that log message.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
