[syslog-ng] CentOS 7.5, rsyslog, port 601, TCP - nothing getting delivered

Lachlan Musicman datakid at gmail.com
Mon Jun 25 03:38:53 UTC 2018


On Mon, 25 Jun 2018 at 11:21, Lachlan Musicman <datakid at gmail.com> wrote:

> I don't understand why this isn't working? I'm not seeing any data in our
> Balabit appliance.
>
> I have a regular default installation of CentOS 7.5, and have followed the
> RedHat 7 rsyslog directions with regard to setting up a new message filter:
>
> I've added a single file to /etc/rsyslog.d/
>
> [root at host02 /etc/rsyslog.d]#  cat tcp601.conf
> *.* action(type="omfwd"
> queue.type="LinkedList"
> queue.filename="example_fwd_tcp_601"
> action.resumeRetryCount="-1"
> queue.saveonshutdown="on"
> template="RSYSLOG_SyslogProtocol23Format"
> target="10.126.19.45" Port="601" Protocol="tcp")
>
> But I'm not getting anything at the appliance?
>
> The Appliance Log Source seems to be set up correctly (no licensing
> issues, port 601 is set, Syslog format (I was told that is RFC 5425)
> selected).
>

Note that when we change the Appliance Source to legacy instead of Syslog,
the above works - but doesn't parse well with that template in rsyslog --
program is listed as <digit> and all other data is in the msg field?
Removing the template line does give us a normal "legacy" format.

Cheers
L.
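
Added example, not part of the original message and not code from syslog-ng or the appliance: a simplified sketch of why a line in the layout of RSYSLOG_SyslogProtocol23Format (RFC 5424) shows up with the program as a digit and everything else in the msg field when the receiver parses it as legacy BSD syslog. The sample lines are constructed, and the function names and the parsing rules are illustrative assumptions.

```python
import re

# Constructed sample in the layout of rsyslog's RSYSLOG_SyslogProtocol23Format
# template (RFC 5424): <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG
SAMPLE_5424 = ("<38>1 2018-06-25T03:38:53+00:00 host02 sshd 4242 - - "
               "Accepted publickey for alice")
# Constructed sample in the legacy BSD layout (RFC 3164).
SAMPLE_BSD = "<38>Jun 25 03:38:53 host02 sshd[4242]: Accepted publickey for alice"

PRI = re.compile(r"<(\d{1,3})>")
BSD_TS = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
BSD_TAG = re.compile(r"([A-Za-z0-9]*)(?:\[(\d+)\])?:? ?(.*)", re.S)
RFC5424 = re.compile(
    r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*?\]) ?(.*)", re.S)


def parse_legacy(line):
    """Simplified RFC 3164 parse: PRI, optional timestamp and host, TAG, msg."""
    m = PRI.match(line)
    if not m:
        raise ValueError("missing <PRI>")
    rest, host = line[m.end():], None
    ts = BSD_TS.match(rest)
    if ts:  # only a BSD-style timestamp is recognised here
        host, _, rest = rest[ts.end():].partition(" ")
    # TAG is the leading alphanumeric run; any other character ends it.
    program, pid, msg = BSD_TAG.match(rest).groups()
    return {"pri": int(m.group(1)), "host": host, "program": program,
            "pid": pid, "msg": msg}


def parse_rfc5424(line):
    """Simplified RFC 5424 parse (single or nil structured-data element)."""
    m = RFC5424.match(line)
    if not m:
        raise ValueError("not an RFC 5424 line")
    pri, _ver, ts, host, app, procid, _msgid, _sd, msg = m.groups()
    return {"pri": int(pri), "timestamp": ts, "host": host, "program": app,
            "pid": procid, "msg": msg}


if __name__ == "__main__":
    for name, parser, line in (("legacy on 5424", parse_legacy, SAMPLE_5424),
                               ("5424 on 5424", parse_rfc5424, SAMPLE_5424),
                               ("legacy on BSD", parse_legacy, SAMPLE_BSD)):
        print(name, parser(line))
```

The legacy parse of the RFC 5424 line takes the version digit `1` as the program name, because the ISO 8601 timestamp that follows is not a BSD timestamp and the tag ends at the first non-alphanumeric character.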