On 1/6/2012 1:05 AM, YunQiang Su wrote:> I have an rsyslog server which is running Debian Stable,
> and its version of rsyslog is 4.6.4-2.
>
> All of my Debian Stable server can send log to it now.
> and run both
> nc $IP $PORT<<< "HELLO"
> and
> echo "HELLO" | nc $IP $PORT
> on client, I can get log on the server.
>
> While for my CentOS 5.7 server,
> nc $IP $PORT<<< "HELLO"
> works well, but
> echo "HELLO" | nc $IP $PORT
> can not work.
> tcpdump shows that it can get both of the 2 "HELLO"
> from server.
>
> And I can not get log both by log file or tcpdump.
>
> *.* @@IP:PORT
Compare the output of this command on both servers (run as root):
netstat -npl | grep rsyslog
Keep in mind that, rsyslog can listen for either UDP or TCP packets (or
both) and by default a "nc" command will do tcp only.
The relevant portions of the rsyslog.conf file:
# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514
--
Corey Henderson
http://cormander.com/