Re: Trouble with remote rsyslog

To: debian-user@lists.debian.org
Subject: Re: Trouble with remote rsyslog
From: Arno Schuring <aelschuring@hotmail.com>
Date: Wed, 30 Nov 2011 23:01:14 +0100
Message-id: <[🔎] 20111130230114.46c32564@neminis.intra.loos.site>
In-reply-to: <[🔎] eae57450feae1c9492993157c7596d02@mycube.iotk.net>
References: <[🔎] eae57450feae1c9492993157c7596d02@mycube.iotk.net>

Summarizing the other comments and adding my own...

vr (debian-user@iotk.net on 2011-11-30 00:03 -0500):
> I'm having trouble getting remote rsyslog to work.
> Can anyone look over my config and offer clues what I've done wrong 
> please?
> 
> 
> SENDING SERVER (99.30.25.3, Squeeze, up to date)
> 
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
The sender needs omudp (the output module), and is not a UDP server.

> main.info             @99.30.25.3
> mail.warn             @99.30.25.3
> mail.err              @99.30.25.3
You're sending to the wrong address

> 
> /etc/default/rsyslog
> RSYSLOGD_OPTIONS="-c4"
> 
> 
> 
> 
> RECEIVING SERVER (99.30.25.2, Squeeze, up to date)
> 
> /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
This will work, but note that the recommended protocol for
rsyslog-to-rsyslog logging is RFC3195:
$ModLoad imrelp
$InputRELPServerRun 2514

> 
> 
> /etc/default/rsyslog
> RSYSLOGD_OPTIONS="-r"
That file should warn you that -r is deprecated, and it is not needed
if you load the correct modules anyway.

Finally, you're opening your syslog port on a public interface. Please
make sure you have an adequate firewall.


Regards,
Arno

Reply to:

References:
- Trouble with remote rsyslog
  - From: vr <debian-user@iotk.net>

Prev by Date: Re: Lost Alt+Backspace
Next by Date: Re: Trouble with remote rsyslog
Previous by thread: Re: Trouble with remote rsyslog
Next by thread: Synaptic 0.70: reporting wrong status for package?
Index(es):
- Date
- Thread