Here, I just typed up the config of ryslog.conf from my server and client. As mentioned earlier, logs from ubuntu client is coming fine but from rhel8 client is all weird. Any help would be appreciated.
So here is the rsyslog.conf on my rsyslog server (ubuntu 2204): module(load="imjournal") module(load="imuxsock") module(load="immark") module(load="lmtcp") input(type="lmtcp" port="514") $template RemoteLogs,,"/var/log/remotelogs/%HOSTNAME%/%PROGRAMNAME%.log" *.* -?RemoteLogs $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $RepeatedMsgReduction on $FileOwner syslog $FileGroup adm $FileCreateMode 0640 $DirectCreateMode 0755 $Umask 0022 $PrivDropToUser syslog $PrivDroptoGroup syslog $WorkDirectory /var/spool/rsyslog $InclideConfig /etc/rsyslog.d/*.conf Here is the client configuration (rhel8) module(load="imuxsock" SysSock.Use="off") module(load="lmjournal" StateFile="lmjournal.state") global(workDirectory="/var/lib/rsyslog") module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileForma") include(file="/etc/rsyslog.d/*.conf" mode="optional") *.infolmail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure daemon.* /var/log/secure auth.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg😗 uucp,news.crit /var/log/spooler local7.* /var/log/boot.log *.* @@<rsysylog-server-ip>:514 Thanks for your help. ________________________________ From: Jayesh H Kamdar Sent: Friday, August 22, 2025 2:57 PM To: [email protected] <[email protected]> Subject: Logs received from RHEL8 client on my rsyslog server (ubuntu 2204) are not correct and weirdly formatted I just setup a rsyslog server on ubuntu 2204. I have configured few clients (RHEL8 and Ubuntu 2004) to send logs to this rsyslog server. Logs from ubuntu clients are coming fine but from the RHEL8 machines, all I see are files starts with quotes and rest of file name is made up of numbers and hash sign (#). And some files are binary files and others are made up of #, digits and hash sign. I won't able to upload config file (rsyslog.conf) as I am an air gapped lab. Here is the example of files names received on my rsyslog server: #026#003#001#000.log #010#005#005#003#010#006#006#002.log Name of the log files received for both RHEL8 clients are exactly same but none of these files have any system logs. My rsyslog.conf on the client has this config: *.* @@<log-server-ip>:514 I have compared rsyslog.conf with other working hosts and all looks normal. Anyone has come across this kind of issue? _______________________________________ Jayesh Kamdar R116 - Lab Services System Administrator, Lead 781-271-5352 MITRE | Mission First, People Always _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
