FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 11-30-2011, 04:03 AM
vr
 
Default Trouble with remote rsyslog

I'm having trouble getting remote rsyslog to work.
Can anyone look over my config and offer clues what I've done wrong
please?



SENDING SERVER (99.30.25.3, Squeeze, up to date)

/etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
main.info @99.30.25.3
mail.warn @99.30.25.3
mail.err @99.30.25.3

/etc/default/rsyslog
RSYSLOGD_OPTIONS="-c4"




RECEIVING SERVER (99.30.25.2, Squeeze, up to date)

/etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514


/etc/default/rsyslog
RSYSLOGD_OPTIONS="-r"


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: eae57450feae1c9492993157c7596d02@mycube.iotk.net"> http://lists.debian.org/eae57450feae1c9492993157c7596d02@mycube.iotk.net
 
Old 11-30-2011, 04:49 PM
Camaleón
 
Default Trouble with remote rsyslog

On Wed, 30 Nov 2011 00:03:26 -0500, vr wrote:

(...)

> SENDING SERVER (99.30.25.3, Squeeze, up to date)
>
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
> main.info @99.30.25.3
^^^^^^^^^^^
(...)

Just thinking out loud... shouldn't that IP be the one of the receiver's
host?

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2011.11.30.17.49.35@gmail.com">http://lists.debian.org/pan.2011.11.30.17.49.35@gmail.com
 
Old 11-30-2011, 06:08 PM
Michael Biebl
 
Default Trouble with remote rsyslog

A couple of issues:

On 30.11.2011 06:03, vr wrote:
> I'm having trouble getting remote rsyslog to work.
> Can anyone look over my config and offer clues what I've done wrong
> please?
>
>
> SENDING SERVER (99.30.25.3, Squeeze, up to date)
>
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
> main.info @99.30.25.3
> mail.warn @99.30.25.3
> mail.err @99.30.25.3
>
> /etc/default/rsyslog
> RSYSLOGD_OPTIONS="-c4"

On the client, i.e. the sending host, you don't need $ModLoad imudp and
$UDPServerRun 514, that is only need for the receiving server.

And as was already mentioned, you are sending the messages to yourself


> RECEIVING SERVER (99.30.25.2, Squeeze, up to date)
>
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
>
>
> /etc/default/rsyslog
> RSYSLOGD_OPTIONS="-r"

The options in /etc/default/rsyslog (as documented) are outdated. Keep
the default compat level (-c 4) and use the $UDPServerRun directive, as
you already did.

A trivial example:

sender (10.20.30.40):
*.* @11.22.33.44


receiver (11.22.33.44):
$ModLoad imudp
$UDPServerRun 514
*.* /var/log/all


That's all.

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
 
Old 11-30-2011, 09:01 PM
Arno Schuring
 
Default Trouble with remote rsyslog

Summarizing the other comments and adding my own...

vr (debian-user@iotk.net on 2011-11-30 00:03 -0500):
> I'm having trouble getting remote rsyslog to work.
> Can anyone look over my config and offer clues what I've done wrong
> please?
>
>
> SENDING SERVER (99.30.25.3, Squeeze, up to date)
>
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
The sender needs omudp (the output module), and is not a UDP server.

> main.info @99.30.25.3
> mail.warn @99.30.25.3
> mail.err @99.30.25.3
You're sending to the wrong address

>
> /etc/default/rsyslog
> RSYSLOGD_OPTIONS="-c4"
>
>
>
>
> RECEIVING SERVER (99.30.25.2, Squeeze, up to date)
>
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
This will work, but note that the recommended protocol for
rsyslog-to-rsyslog logging is RFC3195:
$ModLoad imrelp
$InputRELPServerRun 2514

>
>
> /etc/default/rsyslog
> RSYSLOGD_OPTIONS="-r"
That file should warn you that -r is deprecated, and it is not needed
if you load the correct modules anyway.

Finally, you're opening your syslog port on a public interface. Please
make sure you have an adequate firewall.


Regards,
Arno


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20111130230114.46c32564@neminis.intra.loos.site">h ttp://lists.debian.org/20111130230114.46c32564@neminis.intra.loos.site
 
Old 11-30-2011, 09:50 PM
vr
 
Default Trouble with remote rsyslog

On 30.11.2011 12:49, Camaleón wrote:

On Wed, 30 Nov 2011 00:03:26 -0500, vr wrote:

(...)


SENDING SERVER (99.30.25.3, Squeeze, up to date)

/etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
main.info @99.30.25.3

^^^^^^^^^^^
(...)

Just thinking out loud... shouldn't that IP be the one of the
receiver's

host?

Greetings,

--
Camaleón



oh crap... I had the SEND/RECEIVE IP's reversed in the email but
they're right on the servers. Here's hopefully a clearer snip from each
host, with the corrections mentioned so far, firewall confirmed off
while testing to rule that out too, and rsyslog restarted at both nodes
(and still not working):



mail:~# ifconfig | grep Bcast
inet addr:99.30.25.2 Bcast:99.30.25.7 Mask:255.255.255.248

mail:~# grep RSYSLOGD /etc/default/rsyslog
RSYSLOGD_OPTIONS="-c4"

mail:~# grep @99 /etc/rsyslog.conf
main.info @99.30.25.3
mail.warn @99.30.25.3
mail.err @99.30.25.3

mail:~# egrep '(imudp|UDPServerRun)' /etc/rsyslog.conf
#$ModLoad imudp
#$UDPServerRun 514

mail:~# netstat -na | grep :514
mail:~#




RECEIVING SERVER
prod:~# ifconfig | grep Bcast
inet addr:99.30.25.3 Bcast:99.30.25.7 Mask:255.255.255.248

prod:~# grep RSYSLOGD /etc/default/rsyslog
RSYSLOGD_OPTIONS="-c4"

prod:~# egrep '(imudp|UDPServerRun)' /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514

prod:~# grep @99 /etc/rsyslog.conf
prod:~#

prod:~# netstat -na | grep :514
udp 0 0 0.0.0.0:514 0.0.0.0:*
udp6 0 0 :::514 :::*


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 690a289d373b9c2a494130c011bc43ee@mycube.iotk.net"> http://lists.debian.org/690a289d373b9c2a494130c011bc43ee@mycube.iotk.net
 
Old 12-01-2011, 03:43 PM
Camaleón
 
Default Trouble with remote rsyslog

On Wed, 30 Nov 2011 17:50:35 -0500, vr wrote:

> On 30.11.2011 12:49, Camaleón wrote:

>>> main.info @99.30.25.3
>> ^^^^^^^^^^^
>> (...)
>>
>> Just thinking out loud... shouldn't that IP be the one of the
>> receiver's
>> host?
>
>
> oh crap... I had the SEND/RECEIVE IP's reversed in the email but they're
> right on the servers. Here's hopefully a clearer snip from each host,
> with the corrections mentioned so far, firewall confirmed off while
> testing to rule that out too, and rsyslog restarted at both nodes (and
> still not working):

(...)

Okay :-)

Then review the other user's comments on how to setup both, sending and
receiving host and if you are sure your config files are correct but
still not receiving nothing at the remote side, check the logs from both
machines.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2011.12.01.16.43.03@gmail.com">http://lists.debian.org/pan.2011.12.01.16.43.03@gmail.com
 

Thread Tools




All times are GMT. The time now is 12:06 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org