rsyslog listens but ignores/drops incoming frames - Re: rsyslog not listen..
Andy Wright
andy at extracted.org
Mon Jul 7 22:09:56 UTC 2014
I ran into a problem having rsyslog accept incoming UDP messages. After
replacing a 10.04 server with a 14.04 installation this function ceased
to work. I do not see anything preventative in the new configuration or
out of the ordinary compared to the previous.
I have the following:
rsyslog.conf:
$ModLoad imudp
$UDPServerRun 514
netstat -an |grep 514:
udp 0 0 0.0.0.0:514 0.0.0.0:*
netfilter:
-A INPUT -p udp -m udp -s 10.10.6.0 -i br0 --dport 514 -j ACCEPT
The client is decibel and it is received on the syslog server (hamper)
interface. tcpdump -i br0 udp port 514 -vv:
15:55:01.278651 IP (tos 0x0, ttl 64, id 37160, offset 0, flags [DF],
proto UDP (17), length 119)
decibel.xx.xx.xx.33825 > hamper.xx.xx.xx.syslog: [udp sum ok]
SYSLOG, length: 91
Facility cron (9), Severity info (6)
Msg: Jul 7 15:55:01 decibel CRON[5382]: (root) CMD
(/usr/sbin/ntpdate 10.10.6.7 >/dev/null)
0x0000: 3c37 383e 4a75 6c20 2037 2031 353a 3535
0x0010: 3a30 3120 6465 6369 6265 6c20 4352 4f4e
0x0020: 5b35 3338 325d 3a20 2872 6f6f 7429 2043
0x0030: 4d44 2028 2f75 7372 2f73 6269 6e2f 6e74
0x0040: 7064 6174 6520 3130 2e31 302e 362e 3720
0x0050: 3e2f 6465 762f 6e75 6c6c 29
I had put this on the side for a couple of weeks until I had seen this
thread. Have any suggestions?
Andy
On Sun, 2014-07-06 at 14:34 +0200, Stefan Fuhrmann wrote:
> Hello all,
>
> I want to run a central syslog server on ubuntu 14.04. Rsyslog is installed
> and I uncommend the lines
>
> # provides UDP syslog reception
> $ModLoad imudp
> $UDPServerRun 514
>
> Restart rsyslog
> netstat -an |grep 514
>
> dont show a listen syslog.
>
> I searched around but can not find a solution.
>
> Can someone help?
>
> tia
> Stefan
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20140707/e3e03ad7/attachment.pgp>
More information about the ubuntu-server
mailing list