Hi Radu/Rainer,

I tried running rsyslog -n but nothing happened; I didn't have any output. So we have the same issue: spoofing and forwarding run only with debug mode -dn, and otherwise nothing works.

Any ideas are welcome.

> Date: Tue, 15 Jan 2013 13:55:27 +0200
> From: [email protected]
> To: [email protected]
> Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
>
> Hi Rahul,
>
> 2013/1/15 Rahul Bhat <[email protected]>
>
> > Hi Radu, thanks for checking!! I am using the -dn option for debug mode. I
> > didn't use -n only mode; I can try. But how can I check the difference
> > between the two modes (treat me as new to rsyslog)?
>
> I wasn't thinking about anything fancy, just that if you start it with -dn,
> it's not only debug mode, it's also foreground. So to narrow things down,
> you can try just with -n and see what happens.
>
> > I modified rulesets/modules/templates and nothing happens :(
> >
> > > Date: Tue, 15 Jan 2013 13:09:10 +0200
> > > From: [email protected]
> > > To: [email protected]
> > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > >
> > > Hi Rahul,
> > >
> > > I've never used UDP spoofing, so my best bet is to check out the
> > > differences between debug and non-debug:
> > > - when you start it with debug, do you use -n? If yes, what happens if
> > >   you only do rsyslog -n?
> > > - do you drop privileges in your config?
> > >
> > > Best regards,
> > > Radu
> > >
> > > 2013/1/15 Rahul Bhat <[email protected]>
> > >
> > > > Dear Friends,
> > > >
> > > > Hope you are doing great!! I came across this mailing list while
> > > > trying to configure rsyslog v 7.2.4 with spoofing using
> > > > http://www.rsyslog.com/doc/omudpspoof.html. Thanks for making the
> > > > information available. Unfortunately, I have a problem with the
> > > > rsyslog config and have been trying to sort it out for some time now.
> > > > I have a Linux rsyslog server which needs to send the logs to the
> > > > central syslog server keeping the originator IP unchanged, hence I am
> > > > using spoofing.
> > > >
> > > > Current conf parameters regarding spoofing:
> > > >
> > > > $ModLoad omudpspoof
> > > > $template spoofaddr,"%fromhost-ip%"
> > > > $template spooftemplate,"%rawmsg%"
> > > > $ActionOMUDPSpoofSourceNameTemplate spoofaddr
> > > > $ActionOMUDPSpoofTargetHost 10.xxx.xxx.xx
> > > > $ActionOMUDPSpoofTargetPort 514
> > > > $ActionOMUDPSpoofSourcePortStart 514
> > > > $ActionOMUDPSpoofSourcePortEnd 514
> > > > *.* :omudpspoof:;spooftemplate
> > > >
> > > > My rsyslog config works well when I am running in debug mode, but as
> > > > soon as I go back to non-debug mode, I don't see the logs being
> > > > forwarded to the syslog server. All works well in debug, but I don't
> > > > understand how and which entries I should change for corrective
> > > > action. If you have some time, I would appreciate any ideas.
> > > >
> > > > Thanks
> > > > Rahul
> > > >
> > > > _______________________________________________
> > > > rsyslog mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > http://www.rsyslog.com/professional-services/
> > > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > > > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> > > > if you DON'T LIKE THAT.

