We are running a legacy version of rsyslog v4.2.0 on a central ubuntu server that is also used for monitoring purposes. This syslog server is only connected to our management lan. IP range 192.0.2.0/24. All machines on this lan can deliver their syslog messages correctly to this server. We use the option: $template DynamicFilename,"/tunix-data/log/%FROMHOST%/messages" in an included config file to automatically create separate log files for every machine.
We recently added a set of cisco routers to this network and we want these to log their syslog messages to the same server. One router is a central router with multiple connections to remote locations. Each location has also a Cisco router of which we want it's syslog messages collected at the syslog server. The central router has an interface on the management lan. This one can deliver it's own syslog messages correctly to the syslog server. We configured natting for UDP port 514 so that the messages from the remote routers are delivered, using the management lan, to the central syslog server. We see these messages being delivered to the syslog server, but it seems the messages are not being processed. We tested the delivery of syslog messages and found that when the source IP in the message is not on our management lan, the message is discarded. We tried to find documentation how to configure rsyslog on the syslog server to also accept messages from the remote Cisco routers, but so far this was unsuccessful. Can anyone help us with this? -- View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Remote-syslog-setup-unsuccesful-tp7589216.html Sent from the rsyslog-users mailing list archive at Nabble.com. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
