If you are not concerned about encryption between systems, try the following 
changes on the Ubuntu server…

module(load="imptcp")
input(type="imptcp" port="514")



> On Sep 2, 2025, at 15:12, Jayesh H Kamdar via rsyslog 
> <[email protected]> wrote:
> 
> Here, I just typed up the config of rsyslog.conf from my server and client. As 
> mentioned earlier, logs from the Ubuntu client are coming in fine, but those from 
> the RHEL8 client are all weird. Any help would be appreciated.
> 
> So here is the rsyslog.conf on my rsyslog server (ubuntu 2204):
> 
> module(load="imjournal")
> module(load="imuxsock")
> module(load="immark")
> 
> module(load="imtcp")
> input(type="imtcp" port="514")
> 
> $template RemoteLogs,"/var/log/remotelogs/%HOSTNAME%/%PROGRAMNAME%.log"
> *.* -?RemoteLogs
> 
> 
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> 
> $RepeatedMsgReduction on
> $FileOwner syslog
> $FileGroup adm
> $FileCreateMode 0640
> $DirCreateMode 0755
> $Umask 0022
> $PrivDropToUser syslog
> $PrivDropToGroup syslog
> 
> $WorkDirectory /var/spool/rsyslog
> $IncludeConfig /etc/rsyslog.d/*.conf
> 
> 
> 
> Here is the client configuration (rhel8)
> 
> module(load="imuxsock"
>     SysSock.Use="off")
> module(load="imjournal"
>     StateFile="imjournal.state")
> global(workDirectory="/var/lib/rsyslog")
> 
> module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
> include(file="/etc/rsyslog.d/*.conf" mode="optional")
> 
> *.info;mail.none;authpriv.none;cron.none    /var/log/messages
> authpriv.* /var/log/secure
> daemon.* /var/log/secure
> auth.* /var/log/secure
> 
> mail.*    -/var/log/maillog
> cron.*    /var/log/cron
> *.emerg    :omusrmsg:*
> uucp,news.crit    /var/log/spooler
> local7.*    /var/log/boot.log
> 
> *.*  @@<rsysylog-server-ip>:514
> 
> 
> 
> 
> Thanks for your help.
> 
> 
> 
> 
> 
> 
> 
> ________________________________
> From: Jayesh H Kamdar
> Sent: Friday, August 22, 2025 2:57 PM
> To: [email protected] <[email protected]>
> Subject: Logs received from RHEL8 client on my rsyslog server (ubuntu 2204) 
> are not correct and weirdly formatted
> 
> I just set up an rsyslog server on Ubuntu 2204. I have configured a few clients 
> (RHEL8 and Ubuntu 2004) to send logs to this rsyslog server. Logs from the Ubuntu 
> clients are coming in fine, but from the RHEL8 machines, all I see are files whose 
> names start with quotes, with the rest of the file name made up of numbers and 
> hash signs (#). Some files are binary files and others are made up of #, digits 
> and hash signs. I won't be able to upload the config file (rsyslog.conf) as I am 
> in an air-gapped lab.
> 
> Here is the example of files names received on my rsyslog server:
> #026#003#001#000.log
> #010#005#005#003#010#006#006#002.log
> 
> The names of the log files received from both RHEL8 clients are exactly the same, 
> but none of these files have any system logs. My rsyslog.conf on the client has 
> this config: *.* @@<log-server-ip>:514 I have compared rsyslog.conf with 
> other working hosts and all looks normal.
> 
> Has anyone come across this kind of issue?
> 
> 
> 
> 
> _______________________________________
> 
> Jayesh Kamdar
> 
> R116 - Lab Services
> 
> System Administrator, Lead
> 
> 781-271-5352
> 
> MITRE | Mission First, People Always
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
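
Added example, not part of the original thread: a decoder for the file names quoted in the first post, assuming they were produced by rsyslog's default control-character escaping ('#' followed by three octal digits). The function names are made up for this sketch; the first name decodes to bytes that match a TLS handshake record header, which is what a plain TCP listener sees when a client opens the connection with TLS.

```python
import re

# Constructed sample input: the two file names quoted in the original post.
FILENAMES = [
    "#026#003#001#000.log",
    "#010#005#005#003#010#006#006#002.log",
]

# TLS record content types (RFC 8446, section 5.1).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# '#' plus three octal digits, limited to values that fit in one byte.
_ESCAPE = re.compile(r"#([0-3][0-7]{2})")


def unescape(name: str) -> bytes:
    """Undo '#ooo' octal escapes; other characters pass through unchanged."""
    stem = name[:-4] if name.endswith(".log") else name
    out = bytearray()
    pos = 0
    for m in _ESCAPE.finditer(stem):
        out += stem[pos:m.start()].encode("latin-1", "replace")
        out.append(int(m.group(1), 8))
        pos = m.end()
    out += stem[pos:].encode("latin-1", "replace")
    return bytes(out)


def classify(raw: bytes) -> str:
    """Say whether the bytes begin like a TLS record header."""
    if (len(raw) >= 3 and raw[0] in TLS_CONTENT_TYPES
            and raw[1] == 3 and raw[2] <= 4):
        return (f"TLS record header ({TLS_CONTENT_TYPES[raw[0]]}, "
                f"version 3.{raw[2]})")
    if raw and all(32 <= b < 127 for b in raw):
        return "printable text"
    return "binary, not a TLS record header"


if __name__ == "__main__":
    for fname in FILENAMES:
        data = unescape(fname)
        print(f"{fname}: {data.hex(' ')} -> {classify(data)}")
```

A server whose template builds paths from %PROGRAMNAME% will create files like these whenever non-syslog bytes arrive on the port, so the same check can be run over a directory listing of /var/log/remotelogs to spot senders that speak TLS to a plain TCP input.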
