rsyslog listens but ignores/drops incoming frames - Re: rsyslog not listen..

Andy Wright andy at extracted.org
Mon Jul 7 22:09:56 UTC 2014


I ran into a problem having rsyslog accept incoming UDP messages.  After
replacing a 10.04 server with a 14.04 installation this function ceased
to work.  I do not see anything preventative in the new configuration or
out of the ordinary compared to the previous.

I have the following:

rsyslog.conf:
$ModLoad imudp
$UDPServerRun 514

netstat -an |grep 514:
udp        0      0 0.0.0.0:514             0.0.0.0:*

netfilter:
-A INPUT -p udp -m udp -s 10.10.6.0 -i br0 --dport 514 -j ACCEPT

The client is decibel and it is received on the syslog server (hamper)
interface.  tcpdump -i br0 udp port 514 -vv:

15:55:01.278651 IP (tos 0x0, ttl 64, id 37160, offset 0, flags [DF],
proto UDP (17), length 119)
    decibel.xx.xx.xx.33825 > hamper.xx.xx.xx.syslog: [udp sum ok]
SYSLOG, length: 91
        Facility cron (9), Severity info (6)
        Msg: Jul  7 15:55:01 decibel CRON[5382]: (root) CMD
(/usr/sbin/ntpdate 10.10.6.7 >/dev/null)
        0x0000:  3c37 383e 4a75 6c20 2037 2031 353a 3535
        0x0010:  3a30 3120 6465 6369 6265 6c20 4352 4f4e
        0x0020:  5b35 3338 325d 3a20 2872 6f6f 7429 2043
        0x0030:  4d44 2028 2f75 7372 2f73 6269 6e2f 6e74
        0x0040:  7064 6174 6520 3130 2e31 302e 362e 3720
        0x0050:  3e2f 6465 762f 6e75 6c6c 29

I had put this on the side for a couple of weeks until I had seen this
thread.  Have any suggestions?

Andy

On Sun, 2014-07-06 at 14:34 +0200, Stefan Fuhrmann wrote:
> Hello all,
> 
> I want to run a central syslog server on ubuntu 14.04. Rsyslog is installed 
> and I uncommend the lines
> 
> # provides UDP syslog reception
> $ModLoad imudp
> $UDPServerRun 514
> 
> Restart rsyslog
> netstat -an |grep 514
> 
> dont show a listen syslog.
> 
> I searched around but can not find a solution.
> 
> Can someone help?
> 
> tia
> Stefan
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20140707/e3e03ad7/attachment.pgp>


More information about the ubuntu-server mailing list