Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 05-20-2016, 12:15 PM   #1
LQ Newbie
Registered: Feb 2016
Posts: 3

Rep: Reputation: Disabled
Rsyslog problems - clients don't seem to be generating traffic to central server

Still pretty new to Linux and I was given the task of getting encrypted rsyslog working from our Linux clients to our Linux central server. I decided to start with just getting rsyslog working w/o the encryption.

My problem is that my rsyslog clients don't seem to be generating any traffic for the central server. I know this by doing a packet-capture w/Wireshark. I can run the command "cat /var/log/messages | grep rsyslog" and I'm able to see the result of any "logger" command that I issue (for ex. "logger rsyslog_test". However, If I switch over to the central server I don't see that a message was received, and wireshark proves that no traffic left the client.

My central server is running RHEL7 (rsyslog ver: 7.4.7, my clients run RHEL 6 (rsyslog ver:5.8.10)

If I run "rsyslogd -N1 on the client I do see a message about it running in compatability mode, but it's not clear to me whether that's a problem or not.

Below is my rsyslog from my client. Does anything jump out as wrong to anyone? I'd appreciate any help I can get. I've scoured the internet for days and am just not seeing what's wrong.

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# remote host is: name/iport, e.g. port optional
*.* @@x.x.x.x:10514

Last edited by triley555; 05-20-2016 at 12:25 PM.
Old 05-20-2016, 11:14 PM   #2
LQ Veteran
Registered: Feb 2015
Location: Oregon, USA
Distribution: Lubuntu 14.04, Windows Vista
Posts: 6,279
Blog Entries: 3

Rep: Reputation: 836Reputation: 836Reputation: 836Reputation: 836Reputation: 836Reputation: 836Reputation: 836

Just as a suggestion, you might want to change your username using the instructions at the top of the page here, lest your email inbox ends up with a boatload of SPAM in the very near future.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up Central Syslog Server Using RHEL 5.8 and rsyslog bkendall Linux - Server 3 07-12-2012 06:10 PM
Encrypting rsyslog traffic? arashi256 Linux - Server 1 05-04-2012 11:40 AM
LXer: Building A Central Loghost On CentOS And RHEL 5 With rsyslog LXer Syndicated Linux News 0 01-12-2011 05:30 PM
Update server like to update clients from a central database? linuxlover.chaitanya Ubuntu 2 06-20-2009 01:39 AM
Windows clients don't authenticate against AD on SLES 10 server plente Linux - Server 0 10-24-2008 03:39 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:29 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration