-   Linux - Software (
-   -   Problem when autostarting rsyslog (

gatsby 09-23-2008 02:31 PM

Problem when autostarting rsyslog
This is probably a pretty basic question, but I am trying to build an rsyslog server. I'm wondering how I can get this rsyslog service to automatically begin listening on a predefined TCP port at start-up.

I can get the rsyslog service to start up automatically without a problem or error message, but I'm unsure how to tell it to automatically listen on this TCP port. Only when I manually start the service with the command "rsyslogd -t514" can I then see the listener running on TCP 514 with nmap. Help?

unSpawn 09-23-2008 04:19 PM

Please fill in your distribution information in your profile. It helps.

First thing is to find if your system starts daemons using SysV initscripts or BSD stylee. To find out where to add your setting, reading (grepping) the initialisation scripts for rsyslog will show if any additional configuration files get sourced for settings or if it's all in the initscript itself or if it's in the daemons own configuration file.

gatsby 09-24-2008 07:30 AM

Distro is Red Hat Enterprise Linux 5.

One thing I've tried is to add the "-t<port_number>" switch to the /etc/init.d/rsyslog script. When I start the rsyslog service with this new configuration though, an error results saying "binary operator expected".

rgerhards 09-24-2008 07:42 AM

I assume you use the package that comes with RHEL. That is a v2 rsyslog (that is important because v3 has different/additional syntax which you can not apply to v2 - v2 syntax is of course supported by v3 iif running in compatibility mode).

The -t switch is correct for v2. I unfortunately do not know where you must enter it, but I remember there was a shell variable that contained it. But I may be wrong...

HTH ... a bit ;)

gatsby 09-24-2008 08:00 AM

Yes, it is rsyslog 2.0.

gatsby 09-25-2008 09:12 AM

From the official documentation:

"The really important thing in rsyslogd configuration is that you must make it listen to tcp port 61514 (remember: this is where stunnel send the messages to). Thankfully, this is easy to achive: just add "-t 61514" to the rsyslogd startup options in your system startup script. After done so, start (or restart) rsyslogd."

Any thoughts?

gatsby 09-25-2008 10:05 AM

Found it. If you want rsyslog 2.0 to listen on a TCP port, you have to update the file /etc/sysconfig/rsyslog and add/modify the SYSLOGD_OPTIONS as follows:


Note the lack of spaces between the -t switch and the port number paramter. Restart the service and you are good to go.

All times are GMT -5. The time now is 10:25 PM.