> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Radu Gheorghe > Sent: Tuesday, January 15, 2013 12:09 PM > To: rsyslog-users > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only > > Hi Rahul, > > I've never used UDP spoofing, so my best bet is to check out the differences > between debug and non-debug: > - when you start it with debug, do you use -n? If yes, what happens if you > only do rsyslog -n? > - do you drop privileges in your config?
Oh, yes,that's an important point: omudpspoof REQUIRES root privileges! Raienr > > Best regards, > Radu > > 2013/1/15 Rahul Bhat <[email protected]> > > > > > > > > > > > > > Dear Friends , > > Hope you doing great !!I came across this mailing list while trying to > > configure the rsyslog v 7.2.4 with spoofing using - > > http://www.rsyslog.com/doc/omudpspoof.html. Thanks for making the > > information available. Unfortunately, I have a problem with the > > rsyslog config and have been trying to sort it out for sometime now. I > > have Linux rsyslog server which needs to send the logs to the central > > syslog server keeping the originator Ip unchanged hence I am using > > spooofing. Current conf parameter regarding spoofing: $ModLoad > > omudpspoof $template spoofaddr,"%fromhost-ip%" > > $template spooftemplate,"%rawmsg%" > > $ActionOMUDPSpoofSourceNameTemplate spoofaddr > > $ActionOMUDPSpoofTargetHost 10.xxx.xxx.xx > $ActionOMUDPSpoofTargetPort > > 514 $ActionOMUDPSpoofSourcePortStart 514 > > $ActionOMUDPSpoofSourcePortEnd 514 > > *.* :omudpspoof:;spooftemplate > > My rsyslog config works well when i am running the debug mode but as > > soon as i go back to non-debug mode, i don't see the logs being > > forwarded to the syslog server.All works well in debug but i don't > > understand how and which entries should i change for corrective > > action. If you have some time , would appreciate any ideas . > > Thanks Rahul > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond > our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
