Yes.
I used: netstat -lpn | grep 514

tcp        0      0 0.0.0.0:514                 0.0.0.0:*                   LISTEN      3808/rsyslogd
tcp        0      0 :::514                      :::*                        LISTEN      3808/rsyslogd
udp        0      0 0.0.0.0:514                 0.0.0.0:*                               3808/rsyslogd
udp        0      0 :::514                      :::*                                    3808/rsyslogd

Excuse me, my Snare agent on Windows is the free version and only supports UDP.



On Tuesday, August 19, 2014 8:31 PM, James Lay <[email protected]> wrote:
 


On 2014-08-19 09:39, Jason Long wrote:
> I enabled both but it did not work :(
>
>
> On Tuesday, August 19, 2014 7:56 PM, James Lay
> <[email protected]> wrote:
>
>
>
> On 2014-08-19 08:36, Jason Long wrote:
>
>> Hello all.
>> I want to collect Windows logs via Snare and forward them to my
>> Rsyslog Linux server but I have a problem:
>>
>> Windows generates logs properly and I tested it via Event Log and Snare.
>> I installed Snare on Windows and in "Network configuration" I set my
>> Linux syslog server IP and changed the port to 514.
>>
>> On the Linux box, I turned off the "iptables" service and added the
>> following rules to /etc/sysconfig/iptables:
>>
>> -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
>>
>> I also added this entry to "rsyslog.conf":
>>
>> local5.*     /var/log/winlog/win.log
>>
>> SYSLOGD_OPTIONS = "-r -m 0"
>>
>> $AllowedSender    UDP, <my client IP>
>>
>> Can you tell me what is wrong?
>> _______________________________________________
>
> You'll need to load the modules in rsyslog.conf:
>
> # provides UDP syslog reception
> $ModLoad imudp
> $UDPServerRun 514
>
> # provides TCP syslog reception
> $ModLoad imtcp
> $InputTCPServerRun 514
>
>
> James

On the rsyslog linux box do:

sudo netstat -lpn

Look for 514..see it?


James

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
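
Added example (not part of the original thread or of rsyslog): a small Python probe for the setup discussed above, which builds a UDP syslog datagram carrying facility local5, sends it to a throwaway listener on 127.0.0.1, and decodes the <PRI> prefix to show whether the datagram would match the "local5.*" rule. All function names are hypothetical and the message text is constructed; to exercise the real receiver, send the output of build_message() to the rsyslog server's IP on UDP port 514 instead.

```python
import socket

# Facility and severity names in numeric order (syslog PRI encoding).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_message(facility, severity, tag, text):
    """Build a BSD-style datagram '<PRI>TAG: text' with PRI = facility*8 + severity."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{tag}: {text}".encode()


def decode_pri(datagram):
    """Return (facility, severity) from the <PRI> prefix, or None if absent/invalid."""
    if not datagram.startswith(b"<"):
        return None
    end = datagram.find(b">", 1, 5)          # PRI is at most three digits
    if end == -1 or not datagram[1:end].isdigit():
        return None
    pri = int(datagram[1:end])
    if pri > 191:                            # 23*8 + 7 is the largest valid PRI
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def matches_selector(datagram, facility):
    """True if the datagram would match a '<facility>.*' rule such as local5.*"""
    decoded = decode_pri(datagram)
    return decoded is not None and decoded[0] == facility


def loopback_probe(facility="local5", severity="info"):
    """Send one constructed test datagram to a local UDP listener and decode it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))            # ephemeral port; the real receiver uses 514
        rx.settimeout(2.0)
        tx.sendto(build_message(facility, severity, "probe", "constructed test event"),
                  rx.getsockname())
        data, _ = rx.recvfrom(2048)
    return data, decode_pri(data)
```

If a datagram from the agent arrives but decodes to a facility other than local5, the listener is working and the rule simply does not select it.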