CentOS - Jan 2012 - rsyslog server cannot get the logs

I have an rsyslog server which is running Debian Stable,
and its version of rsyslog is 4.6.4-2.

All of my Debian Stable server can send log to it now.
and run both
nc $IP $PORT <<< "HELLO"
and
echo "HELLO" | nc $IP $PORT
on client, I can get log on the server.

While for my CentOS 5.7 server,
nc $IP $PORT <<< "HELLO"
works well, but
echo "HELLO" | nc $IP $PORT
can not work.
tcpdump shows that it can get both of the 2 "HELLO"
from server.

And I can not get log both by log file or tcpdump.

*.* @@IP:PORT

On 1/6/2012 1:05 AM, YunQiang Su wrote:
> I have an rsyslog server which is running Debian Stable,
> and its version of rsyslog is 4.6.4-2.
>
> All of my Debian Stable server can send log to it now.
> and run both
> nc $IP $PORT<<<  "HELLO"
> and
> echo "HELLO" | nc $IP $PORT
> on client, I can get log on the server.
>
> While for my CentOS 5.7 server,
> nc $IP $PORT<<<  "HELLO"
> works well, but
> echo "HELLO" | nc $IP $PORT
> can not work.
> tcpdump shows that it can get both of the 2 "HELLO"
> from server.
>
> And I can not get log both by log file or tcpdump.
>
> *.* @@IP:PORT
Compare the output of this command on both servers (run as root):

netstat -npl | grep rsyslog

Keep in mind that, rsyslog can listen for either UDP or TCP packets (or 
both) and by default a "nc" command will do tcp only.

The relevant portions of the rsyslog.conf file:

# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514


-- 
Corey Henderson
http://cormander.com/