When the port is set to 514 it works fine. When I edit the conf and change only the port to 10000 it doesn't work. When I do the testing I also set the remote host to receive on 514 or 10000 as needed.
________________________________________
From: [email protected] [[email protected]] on behalf of David Lang [[email protected]]
Sent: Thursday, October 08, 2015 1:51 PM
To: rsyslog-users
Subject: Re: [rsyslog] Complex forwarding and spoofing question

On Thu, 8 Oct 2015, Randy Baca wrote:

> Yes, looking at both ends simultaneously. Started a tcpdump on both hosts and
> I only see my telnet connections. Restarted rsyslog and waited a couple
> minutes and I see no attempts at all. Doesn't even send a SYN.

and you are sure that you had some messages that your rules would send out this connection?

if you change nothing else but the port number, you say that it works?

David Lang

> ________________________________________
> From: [email protected] [[email protected]]
> on behalf of David Lang [[email protected]]
> Sent: Thursday, October 08, 2015 1:23 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Complex forwarding and spoofing question
>
> On Thu, 8 Oct 2015, Randy Baca wrote:
>
>> That rule works better, but I still cannot get rsyslog to forward on port
>> 10000. I turned off iptables, I can make a telnet connection to the remote
>> host on 10000, but rsyslog will not even attempt to connect to the remote
>> host on 10000. It works just fine if the omfwd port="514" and protocol="tcp".
>
> When you say that it doesn't even try on port 10000, are you looking at the
> sender or the receiver? Since there may be firewalls between the two, you
> would need to look at the sender.
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.

