LinuxQuestions.org


Chenchu 09-17-2011 12:01 PM

syslog remote logging with rsyslog server
 
Hello,

I'm running 2 machines, one Red Hat 6 and one CentOS 5.
The Red Hat machine runs rsyslog, and it functions as the server,
and the CentOS 5 runs syslog and functions as the client.

Here is what I changed in /etc/rsyslog.conf @ REDHAT:
Code:

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514

And that's what I changed in /etc/syslog.conf @ CENTOS:
Code:

*.info                            @192.168.0.6

192.168.0.6 is Red Hat's IP.

Now when I tested it with SELinux, it looks like SELinux blocks the syslog daemon from contacting the rsyslog server, so I disabled SELinux, but it is still not working. Any ideas?

anomie 09-17-2011 12:06 PM

Have you restarted the syslog service on both hosts after the changes? And how are you testing? Try something like (on the CentOS host):
Code:

$ logger -p kern.info 'Just me testing'

If that is not appearing in the RHEL6 logs, are you filtering inbound traffic on that host? You'll need to open up UDP 514 to at least allow from the CentOS host's IP.

Chenchu 09-17-2011 12:34 PM

Thank you for the quick answer.

I did restart both syslog daemons, but I forgot to shut down the firewall & SELinux on the server side (Red Hat).

After doing so, I tested it and it works :)

Thanks again.

unSpawn 09-17-2011 02:34 PM

Quote:

Originally Posted by Chenchu (Post 4474516)
I forgot to shut down the firewall & SELinux on the server side (Red Hat).

Even for testing, disabling the firewall is completely unnecessary: just punch the right source / destination hole through the firewall. The same goes for SELinux: if it has any effect on Rsyslog then you'll find clues and remedies in /var/log/messages and /var/log/audit/audit.log.
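
The two checks suggested in the post above, as an added example that is not part of the thread: a single-source rule for UDP 514 instead of a disabled firewall, and a filter that pulls one daemon's AVC denials out of audit records. The function names are hypothetical, the client address 192.168.0.7 is an assumption (the thread only gives the server's IP), and the audit lines are constructed to show the record format, not captured from the poster's hosts.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print (do not apply) the one-source rule: UDP 514 from a single client.
syslog_fw_rule() {
    valid_ipv4 "$1" || { echo "invalid client address: $1" >&2; return 1; }
    echo "iptables -I INPUT -p udp -s $1 --dport 514 -j ACCEPT"
}

# Read audit records on stdin; for each AVC denial whose comm matches
# $1 (default rsyslogd) print "permissions tclass port-field".
avc_denials() {
    awk -v want="${1:-rsyslogd}" '
        /type=AVC/ && /denied/ {
            comm = perm = port = cls = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)       { comm = $i; gsub(/^comm=|"/, "", comm) }
                if ($i ~ /^(src|dest)=/) port = $i
                if ($i ~ /^tclass=/)     { cls = $i; sub(/^tclass=/, "", cls) }
                if ($i == "{")           # collect every permission inside { ... }
                    for (j = i + 1; j <= NF && $j != "}"; j++)
                        perm = (perm == "" ? $j : perm "," $j)
            }
            if (comm == want) print perm, cls, port
        }'
}

# Constructed audit.log lines: one rsyslogd denial, one unrelated denial,
# one non-AVC record that the filter must skip.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1316287200.101:411): avc:  denied  { name_bind } for  pid=2101 comm="rsyslogd" src=514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:rsh_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1316287201.202:412): avc:  denied  { name_connect } for  pid=3050 comm="httpd" dest=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1316287200.101:411): arch=c000003e syscall=49 success=no exit=-13 comm="rsyslogd" exe="/sbin/rsyslogd"
EOF
}

sample_audit_log | avc_denials
syslog_fw_rule 192.168.0.7   # assumed client address, replace with the real one
```

On the server, the same filter can be fed the real log with `avc_denials < /var/log/audit/audit.log`; an empty result means SELinux logged no denial for rsyslogd.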

