Still pretty new to Linux and I was given the task of getting encrypted rsyslog working from our Linux clients to our Linux central server. I decided to start with just getting rsyslog working w/o the encryption.

My problem is that my rsyslog clients don't seem to be generating any traffic for the central server. I know this by doing a packet-capture w/Wireshark. I can run the command "cat /var/log/messages | grep rsyslog" and I'm able to see the result of any "logger" command that I issue (for ex. "logger rsyslog_test". However, If I switch over to the central server I don't see that a message was received, and wireshark proves that no traffic left the client.

My central server is running RHEL7 (rsyslog ver: 7.4.7, my clients run RHEL 6 (rsyslog ver:5.8.10)

If I run "rsyslogd -N1 on the client I do see a message about it running in compatability mode, but it's not clear to me whether that's a problem or not.

Below is my rsyslog from my client. Does anything jump out as wrong to anyone? I'd appreciate any help I can get. I've scoured the internet for days and am just not seeing what's wrong.

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# remote host is: name/iport, e.g. 192.168.0.1:514 port optional
*.* @@x.x.x.x:10514

Hi...

Just as a suggestion, you might want to change your username using the instructions at the top of the page here, lest your email inbox ends up with a boatload of SPAM in the very near future.

Regards...