Yeah, it's really old, but for now I'll have to stick with it. :(
I added the "-d" option to the rsyslog daemon, and came across this:

1098717504: Called fprintlog, logging to builtin-fwd 127.0.0.1:61514/tcp
1098717504: create tcp connection failed, reason Permission denied
1098717504: no working socket could be obtained
1098717504: error forwarding via tcp, suspending

Seems like the reason why it doesn't work is that it fails to create the TCP session from itself (i.e. rsyslog) to the stunnel port. I've sent this information to Red Hat support, but if anyone here has any ideas as to what's causing this please do let me know.

- Kenneth

On Wed, Dec 23, 2009 at 9:59 PM, Siddhartha Jain <[email protected]> wrote:

> Kenneth,
>
> Not sure why RedHat/CentOS continue to bundle rsyslog 2.0.6. This
> version is ancient. Since 2.x, rsyslog has gone through 2.x, 4.x and now
> the current, 5.x.
>
> I would highly recommend rolling your own RPM from recent 5.x or 4.x
> code.
>
> - Siddhartha
>
> > -----Original Message-----
> > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Kenneth Holter
> > Sent: Wednesday, December 23, 2009 12:13 AM
> > To: [email protected]
> > Subject: [rsyslog] rsyslog+stunnel works only when running "rsyslogd"
> > from the shell
> >
> > Hi.
> >
> > I'm running rsyslog v2.0.6 provided with my RHEL 5 installation. For some
> > time now I've had rsyslog issues with some of my RHEL 5 servers, and I've
> > not been able to figure out the problems, and would like to hear from others
> > that may have experienced the same problem. I've been in contact with Red
> > Hat support, but they've not been able to reproduce this problem, so we've
> > not succeeded in resolving the issue.
> >
> > First, let me describe my setup: My RHEL 5 servers have set up a TLS tunnel
> > (using stunnel) between themselves and the log host. This works perfectly.
> > I've configured rsyslog to forward messages to this tunnel by adding a
> > " *.* @@127.0.0.1:61514 " line to the bottom of /etc/rsyslog.conf file. The
> > stunnel is listening on port 61514.
> >
> > On almost all my servers, this works as planned. But for some reason, a few
> > servers are having problems forwarding messages to their stunnel connection.
> > By running "tcpdump -i lo" I can see that these servers are not transmitting
> > anything on the loopback interface, and are thus not forwarding anything to
> > the stunnel port. One of my theories was that the line above simply wasn't
> > picked up by rsyslog daemon. So I stopped the daemon, ran "rsyslogd -d" to
> > view the debug output, and everything works fine.
> >
> > For some reason, when I run rsyslog like this (i.e. by issuing "rsyslogd" in
> > the command prompt) instead of issuing "/etc/init.d/rsyslog start",
> > everything works fine. I'm really puzzled as to why this is so. Does anyone
> > know why this is so? I have the exact same setup on all my servers, but only
> > a small number of them have this problem.
> >
> > Best regards,
> > Kenneth Holter
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com
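
The following Python is an added example, not code from the thread or from rsyslog: it maps the "Permission denied" reason in the debug output above back to its errno and repeats the forwarder's TCP connect to 127.0.0.1:61514, so the result can be compared between an interactive shell and the context the init script runs in. The function names are assumptions made for this example.

```python
import errno
import os
import re
import socket

# The debug lines quoted in the thread (rsyslogd -d output).
DEBUG_SAMPLE = """\
1098717504: Called fprintlog, logging to builtin-fwd 127.0.0.1:61514/tcp
1098717504: create tcp connection failed, reason Permission denied
1098717504: no working socket could be obtained
1098717504: error forwarding via tcp, suspending
""".splitlines()

STUNNEL_ADDR = ("127.0.0.1", 61514)  # forwarding target from the thread

def failure_reason(lines):
    """Return the reason text from the first failed-connect debug line, or None."""
    for line in lines:
        m = re.search(r"create tcp connection failed, reason (.+)$", line)
        if m:
            return m.group(1).strip()
    return None

def errno_for_reason(text):
    """Map strerror() text from the log back to an errno value, or None."""
    for code in sorted(errno.errorcode):
        if os.strerror(code) == text:
            return code
    return None

def classify(code):
    """Say what a connect() errno means for the loopback forwarder."""
    if code == 0:
        return "connected: listener reachable from this context"
    if code == errno.ECONNREFUSED:
        return "refused: nothing is listening on the port"
    if code in (errno.EACCES, errno.EPERM):
        # connect(2) documents these for local firewall or security-policy denials
        return "denied: local policy blocked the connect; a listener may still exist"
    return "other: " + errno.errorcode.get(code, str(code))

def probe(addr=STUNNEL_ADDR, timeout=3.0):
    """Attempt the same TCP connect the forwarder makes; return (errno, verdict)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        code = s.connect_ex(addr)
    return code, classify(code)

if __name__ == "__main__":
    logged = errno_for_reason(failure_reason(DEBUG_SAMPLE))
    print("logged failure:", classify(logged))
    print("probe from this context:", probe()[1])
```

A "refused" result points at stunnel not listening, while "denied" matches the logged failure and points at something restricting the daemon's own context.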

