Rsyslog scripts all wrong

jan_chu
Posts: 3
Joined: Mon Oct 19, 2015 5:32 am

Rsyslog scripts all wrong

Post by jan_chu »

Hello,

I'm trying to set up a proof-of-concept solution with Log Server, and to that end I was trying to add syslog data from other machines. I pressed "start sending logs - LINUX SOURCE", and a nice script came to me. I tried that (nothing worked). The syslog was stored in the temp directory, but nothing came to the log server. I tried to telnet (with success), so it wasn't that. I then tried the "manual install", where the setup is described in more detail, with no success.

I then found out the error. The following line (in both "auto" and "manual" install) is not working for me:

# Remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional NAGIOSLOGSERVER
*.* @@10.231.1.137:5544 # NAGIOSLOGSERVER

If you look into the "template" in /etc/rsyslog.conf you can also see:
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514

So this seems right. BUT if I do this:
*.* @10.231.1.137:5544 # NAGIOSLOGSERVER

(deleted one "@"), then things work!!! I'm getting data to my log server and all seems well.

I am running RHEL 6
[root@mgt-abc01 rsyslog]# uname -a
Linux mgt-abc01.prod.umit.dk 2.6.32-504.23.4.el6.x86_64 #1 SMP Fri May 29 10:16:43 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

[root@mgt-abc01 rsyslog]# rsyslogd -version
rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No


What do you guys have to say??? Do you have the same problems with the documented syntax????


//Jan Chu
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Rsyslog scripts all wrong

Post by jolson »

Two at signs (@@) mean that the log message is transmitted using the TCP protocol. Removing a single at sign is causing your messages to be sent via UDP - are you certain that you were listening on a TCP port for your incoming logs?

The documented syntax has been tested and is valid - I double checked just now and using the Linux setup script I was capable of sending logs to my Nagios Log Server. Keep in mind that SELinux could interfere with log sending on your remote hosts.

Re: Rsyslog scripts all wrong

Post by jan_chu »

Thank you very much for your feedback. I should be listening on TCP; I checked listening ports on the server, and it was both UDP and TCP on port 5544. But now I have something to go on. Thank you very much for this information, it's very useful :)

//Jan Chu

Re: Rsyslog scripts all wrong

Post by jolson »

Jan Chu,

No problem - please let me know if you have further questions. Thank you!

Re: Rsyslog scripts all wrong

Post by jan_chu »

It was SELinux that was toying with me. Though I had disabled it.... =)

Thanks for the guidance.

//Jan Chu
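
Added example, not part of any post in this thread and not Nagios's own setup script: a small audit that classifies the forwarding rules quoted above as TCP (`@@`) or UDP (`@`) and flags TCP targets whose port is not labelled `syslogd_port_t`. Assumptions: one-line legacy selector/action rules, `semanage port -l` output saved to a file, and that the SELinux denial is the port-label check on outbound TCP connections; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. list_forwards CONF prints "proto host port" for each active
# legacy-syntax forwarding rule: "@@host" is TCP, "@host" is UDP.
list_forwards() {
    awk '/^[[:space:]]*#/ { next }          # skip commented-out templates
         $2 ~ /^@/ {
             t = $2
             proto = (t ~ /^@@/) ? "tcp" : "udp"
             sub(/^@+/, "", t)
             n = split(t, hp, ":")
             print proto, hp[1], (n > 1 ? hp[2] : 514)   # port is optional
         }' "$1"
}

# port_labelled PROTO PORT FILE succeeds if PORT is listed for PROTO under
# syslogd_port_t in FILE, a saved copy of `semanage port -l` output.
port_labelled() {
    awk -v proto="$1" -v port="$2" '
        $1 == "syslogd_port_t" && $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; gsub(/,/, "", p)
                n = split(p, r, "-")              # entries may be ranges
                if (port + 0 >= r[1] + 0 && port + 0 <= r[n] + 0) found = 1
            }
        }
        END { exit !found }' "$3"
}

# audit_forwards CONF FILE flags TCP forwards to ports without the label
# (assumption: only TCP connects are subject to the port-label check).
audit_forwards() {
    list_forwards "$1" | while read -r proto host port; do
        if [ "$proto" = tcp ] && ! port_labelled tcp "$port" "$2"; then
            echo "CHECK $proto $host:$port (port not in syslogd_port_t)"
        else
            echo "ok $proto $host:$port"
        fi
    done
}

# Constructed sample inputs (the rule lines are the ones quoted in the thread).
demo_dir=$(mktemp -d)
printf '%s\n' '#*.* @@remote-host:514' '*.* @@10.231.1.137:5544 # NAGIOSLOGSERVER' \
    '*.* @10.231.1.137:5544 # NAGIOSLOGSERVER' > "$demo_dir/rsyslog.conf"
printf '%s\n' 'syslogd_port_t   tcp   6514, 601' \
    'syslogd_port_t   udp   514, 6514, 601' > "$demo_dir/ports.txt"
audit_forwards "$demo_dir/rsyslog.conf" "$demo_dir/ports.txt"
```

On a live host, pass `/etc/rsyslog.conf` and a file holding the output of `semanage port -l`. A flagged port can be labelled with `semanage port -a -t syslogd_port_t -p tcp 5544`.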
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1

Re: Rsyslog scripts all wrong

Post by hsmith »

I can't believe SELinux would ever cause a problem with anything! :lol:

Are we all right to close this thread?
Former Nagios Employee.
me.