Re: Trouble with remote rsyslog
Summarizing the other comments and adding my own...
vr (debian-user@iotk.net on 2011-11-30 00:03 -0500):
> I'm having trouble getting remote rsyslog to work.
> Can anyone look over my config and offer clues what I've done wrong
> please?
>
>
> SENDING SERVER (99.30.25.3, Squeeze, up to date)
>
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
The sender needs omudp (the output module), and is not a UDP server.
> main.info @99.30.25.3
> mail.warn @99.30.25.3
> mail.err @99.30.25.3
You're sending to the wrong address
>
> /etc/default/rsyslog
> RSYSLOGD_OPTIONS="-c4"
>
>
>
>
> RECEIVING SERVER (99.30.25.2, Squeeze, up to date)
>
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
This will work, but note that the recommended protocol for
rsyslog-to-rsyslog logging is RFC3195:
$ModLoad imrelp
$InputRELPServerRun 2514
>
>
> /etc/default/rsyslog
> RSYSLOGD_OPTIONS="-r"
That file should warn you that -r is deprecated, and it is not needed
if you load the correct modules anyway.
Finally, you're opening your syslog port on a public interface. Please
make sure you have an adequate firewall.
Regards,
Arno
Reply to: