I don't understand why this isn't working? I'm not seeing any data in our Balabit appliance.

I have a regular default installation of CentOS 7.5, and have followed the RedHat 7 rsyslog directions with regard to setting up a new message filter:

I've added a singe file to /etc/rsyslog.d/

[root@host02 /etc/rsyslog.d]#  cat tcp601.conf
*.* action(type="omfwd"
queue.type="LinkedList"
queue.filename="example_fwd_tcp_601"
action.resumeRetryCount="-1"
queue.saveonshutdown="on"
template="RSYSLOG_SyslogProtocol23Format"
target="10.126.19.45" Port="601" Protocol="tcp")

But I'm not getting anything at the appliance?

The Appliance Log Source seems to be set up correctly (no licensing issues, port 601 is set, Syslog format (I was told that is RFC 5425) selected).

Ports are open, but on the server that's configured as per above, I'm seeing this:

[root@host02 log]# netstat -tnp| grep 601
tcp        1      0 10.126.19.66:39768      10.126.19.45:601        CLOSE_WAIT  2400/rsyslogd

The data works fine if I send over UDP/port 514, with the template being either RSYSLOG_SyslogProtocol23Format or RSYSLOG_TraditionalFileFormat

I'm also seeing - in host02's /var/log/messages a *large* number of errors that state:

Jun 25 11:14:14 host02 rsyslogd: action 'action 2' resumed (module 'builtin:omfwd') [v8.24.0 try http://www.rsyslog.com/e/2359 ]

Can someone tell me where I've gone wrong and/or indicate what I might do next to debug this issue?

Cheers
L.