What is your rsyslog configuration? There are lots of ways that the messages could be getting into rsyslog but not written out anywhere. You have to have configurations saying to output the logs.

Your netstat shows that something is listening on 514 tcp and udp; it's a reasonable assumption that this is rsyslog. If you can establish a tcp connection, that shows that routing and firewalling allow tcp.

But without seeing your config, we can't say what's wrong.

David Lang

 On Tue, 8 Oct 2013, Mayur Patil wrote:

Date: Tue, 8 Oct 2013 14:57:05 +0530
From: Mayur Patil <[email protected]>
To: rsyslog-users <[email protected]>, David Lang <[email protected]>
Subject: [rsyslog-users] Wireshark is capturing but rSyslog not logging

Hi,

I have a strange problem.

I am able to send the logs of an application named *"snort"* to the rSyslog server.

In this case, I am getting the error that

*wireshark is perfectly catching the logs of snort but rSyslog is not
logging the same.*

Here is the output of my commands; please have a look.

I am using *CentOS for snort machine* and *Ubuntu for rsyslog server.*

[1] For nc and telnet,

This is the successful output of telnet and nc: http://fpaste.org/45010/
The resulting messages are appearing in the syslog of the log server.

[2] For netstat command,

These are the results of netstat, particularly on port 514:
http://fpaste.org/45016/

where  *[root@clc]* is *snort machine* and *[root@logserver]* is the *log
server machine*.

I have also disabled firewalls on both machines, so *port blocking* is also
not possible.

Where is the actual problem? I am unable to get it.

Seeking guidance,

Thanks !


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.