Re: [rsyslog] Complex forwarding and spoofing question

Thu, 08 Oct 2015 13:51:50 -0700 

On Thu, 8 Oct 2015, Randy Baca wrote:
Yes, looking at both ends simultaneously. Started a tcpdump on both hosts and I only see my telnet connections. Restarted rsyslog and waited a couple minutes and I see no attempts at all. Doesn't even send a SYN. 


and you are sure that you had some messages that your rules would send out this 
connection?


if you change nothing else but the port number, you say that it works?

David Lang


________________________________________
From: [email protected] [[email protected]] on 
behalf of David Lang [[email protected]]
Sent: Thursday, October 08, 2015 1:23 PM
To: rsyslog-users
Subject: Re: [rsyslog] Complex forwarding and spoofing question

On Thu, 8 Oct 2015, Randy Baca wrote:


That rule works better, but I still cannot get rsyslog to forward on port
10000.  I turned off iptables, I can make a telnet connection to the remote
host on 10000, but rsyslog will not even attempt to connect to the remote host
on 10000.  It works just fine if the omfwd port="514" and protocol="tcp".


When you say that it doesn't even try on port 10000, are you looking at the
sender or the receiver? Since there may be firewalls between the two, you would
need to look at the sender.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.























					Reply via email to