Hi,
We have a setup where there are multiple nodes generating application logs and events (a form of logs). On one of the node rsyslog is configured to use UDP (port: 1000). Call it Master On all nodes events are forwarded to the master using internalIP:1000 Master node also hosts Ethernet interface towards the backhaul. In rsyslog-master.conf file input(type="imudp" port="1025") -- address is not given. In each individual node, we had recently added an action to stream events collected in local7 facility to an external server. local7.* action(type="omfwd" Target="11.11.11.11" Port="514" Protocol="udp" Template="ForwardFormat") Observation: Master node was receiving the events from local7 sent to external server at port 514. Resolution: Rsyslog on Master node was configured with address, after which there were no duplicate events logged on Master node. input(type="imudp" address="169.1.1.2" port="1025") -- address added. Question: When port numbers were different why master node without IP address received both the events. Protocol was same, but the ports were different. Appreciate your help in helping me understand the behaviour. Thanks and Regards Lak. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
