[syslog-ng] CentOS 7.5, rsyslog, port 601, TCP - nothing getting delivered

Lachlan Musicman datakid at gmail.com
Tue Jun 26 00:28:16 UTC 2018


On Tue, 26 Jun 2018 at 00:09, Scheidler, Balázs <
balazs.scheidler at balabit.com> wrote:

> This list is not official support for Balabit's products and I am not
> really an rsyslog expert, but let me try to help.
>
> I think the issue might be related to "framing", e.g. syslog-ng configured
> to expect framing whereas rsyslog not doing it. This page:
>
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html
>
> contains a parameter which is TCP_framing that defaults to "no".
>
> In that case, syslog-ng will drop the connection if the framing is not
> there. See https://tools.ietf.org/html/rfc5425#section-4.3 for a
> description on what framing is and how it works.
>

Thanks Bazsi, appreciate the hint, you put me on the right track.

For those that come behind me, the major issue I found was the allowed data
in the conf file - there didn't seem to be any documentation at all about
what values TCP_Framing could take. Case insensitively the following didn't
work: yes, true, on

Trial and error/guesswork discovered that the correct syntax to get this
working is "octet-counted"

[root at host02 /etc/rsyslog.d]#  cat tcp601.conf
*.* action(type="omfwd"
queue.type="LinkedList"
queue.filename="example_fwd_tcp_601"
action.resumeRetryCount="-1"
queue.saveonshutdown="on"
template="RSYSLOG_SyslogProtocol23Format"
target="10.126.19.45" Port="601" Protocol="tcp"
TCP_Framing="octet-counted")

Cheers
L.
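
Added example, not part of the original message and not code from rsyslog or syslog-ng: a Python illustration of the octet-counted framing from RFC 5425 section 4.3 discussed above, showing both the sender and receiver side and why a receiver that expects frames rejects a stream sent without them. The names frame, deframe, FramingError and MAX_LEN_DIGITS, and the sample messages, are hypothetical and constructed for illustration.

```python
# Added example. Octet-counted framing: SYSLOG-FRAME = MSG-LEN SP SYSLOG-MSG.
# All names and sample messages here are constructed for illustration.

class FramingError(ValueError):
    """Bytes at a frame boundary are not a valid MSG-LEN followed by SP."""

MAX_LEN_DIGITS = 7  # assumption: arbitrary cap on the length prefix

SAMPLE_1 = b"<13>1 2018-06-26T00:28:16Z host02 app - - - first"
SAMPLE_2 = b"<13>1 2018-06-26T00:28:17Z host02 app - - - second"

def _valid_len(prefix: bytes) -> bool:
    # MSG-LEN = NONZERO-DIGIT *DIGIT
    return prefix.isdigit() and not prefix.startswith(b"0")

def frame(msg: bytes) -> bytes:
    """Sender side: prefix the message with its octet count and one space."""
    if not msg:
        raise FramingError("empty message")
    return str(len(msg)).encode("ascii") + b" " + msg

def deframe(buf: bytes):
    """Receiver side: return (complete_messages, unconsumed_tail)."""
    msgs, pos = [], 0
    while pos < len(buf):
        window_end = pos + MAX_LEN_DIGITS + 1
        sp = buf.find(b" ", pos, window_end)
        if sp == -1:
            head = buf[pos:window_end]
            if len(head) <= MAX_LEN_DIGITS and _valid_len(head):
                break  # length prefix still arriving; wait for more bytes
            raise FramingError(f"no MSG-LEN at offset {pos}: {head!r}")
        prefix = buf[pos:sp]
        if not _valid_len(prefix):
            raise FramingError(f"bad MSG-LEN at offset {pos}: {prefix!r}")
        end = sp + 1 + int(prefix)
        if end > len(buf):
            break  # message body incomplete; keep the frame for the next read
        msgs.append(buf[sp + 1:end])
        pos = end
    return msgs, buf[pos:]

if __name__ == "__main__":
    print(deframe(frame(SAMPLE_1) + frame(SAMPLE_2)))
    try:
        deframe(SAMPLE_1 + b"\n" + SAMPLE_2 + b"\n")  # sent without framing
    except FramingError as exc:
        print("rejected:", exc)
```

The unframed stream fails at the first byte because "<13>1" is not a decimal length, which is the mismatch the thread describes.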