all of those &stop lines are telling rsyslog that if it matches the filter and
writes it to the file that it should stop processing that message.
As a result, anything that gets written to a local file will stop processing
before it gets down to your udp sending action
David Lang
On Thu, 17 Aug 2023, kathy lyons wrote:
Date: Thu, 17 Aug 2023 13:12:03 -0400
From: kathy lyons <kathy.ly...@zayo.com>
To: David Lang <da...@lang.hm>
Cc: kathy lyons via rsyslog <rsyslog@lists.adiscon.com>
Subject: Re: [rsyslog] rsyslog - problem sending udp traffic
Here it is:
module(load="imfile")
module(load="imuxsock")
module(load="imklog")
module(load="imjournal")
timezone(id="UTC")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$RepeatedMsgReduction on
$FileOwner syslog
$FileGroup adm
global(net.enableDNS="off" workDirectory="/var/spool/rsyslog"
maxMessageSize="128K")
$IncludeConfig /etc/rsyslog.d/*.conf
audit.* action(type="omfile" file="/var/log/audit/audit.log")
& stop
auth.warning;authpriv.info.* action(type="omfile"
file="/var/log/auth.log")
& stop
auth,authpriv.none action(type="omfile"
file="/var/log/syslog")
& stop
cron.info action(type="omfile"
file="/var/log/cron.log")
& stop
daemon.info action(type="omfile" file="/var/log/daemon.log")
& stop
kern.info action(type="omfile" file="/var/log/kern.log")
& stop
user.info action(type="omfile" file="/var/log/user.log")
& stop
local7.* action(type="omfile" file="/var/log/boot.log")
& stop
*.* @x.x.x.x
rsyslogd -N1 shows no errors. strace shows no errors.
On Wed, Aug 16, 2023 at 12:15 PM David Lang <da...@lang.hm> wrote:
please post your full config.
I would also check your firewall config (iptables/nftables) on the system
to see
if it's blocking the connection.
Also make sure you have a route to the destination IP (you probably have a
default route that does this, but it is something we've run across)
are you seeing any startup errors? or config errors (start rsyslog
manually with
rsyslogd -N1
if none of that helps, we may need to get debug info, but start with the
simpler
stuff. Normally this 'just works' so I'd guess that it's a syntax error
somewhere in the config.
David Lang
On Wed, 16 Aug 2023, kathy lyons via rsyslog wrote:
I hope this is the right place to ask this question. I have a basic
rsyslog setup sending udp data from a Debian 11 host to a remote server.
At the bottom of my rsyslog.conf file I have:
*.* @x.x.x.x
Logs are being sent to /var/log/daemon.log, /var/log/syslog, etc. so I am
not worried about that. The problem is that on the device itself I do not
see any logs leaving the device. Nor do I see them at the firewall
(x.x.x.x). I have used netcat to see if the remote port is open and
reachable and it is. I have re-install rsyslog and restarted it.
Nothing
seems to work.
However, when I issue the logger command:
logger -n x.x.x.x -P 514 -d "This is a test"
I see that data. What else can I check with my rsyslog setup? Thank
you.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
