rsyslogd 8.13.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
________________________________________
From: [email protected] [[email protected]] on
behalf of Rainer Gerhards [[email protected]]
Sent: Thursday, October 08, 2015 2:16 PM
To: rsyslog-users
Subject: Re: [rsyslog] Complex forwarding and spoofing question
Which version is that? We had ages ago a version that did the network byte
order calculation incorrectly.
Sent from phone, thus brief.
On 08.10.2015 23:14, "Randy Baca" <[email protected]> wrote:
> When the port is set to 514 it works fine. When I edit the conf and
> change only the port to 10000 it doesn't work. When I do the testing I
> also set the remote host to receive on 514 or 10000 as needed.
>
> ________________________________________
> From: [email protected] [[email protected]]
> on behalf of David Lang [[email protected]]
> Sent: Thursday, October 08, 2015 1:51 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Complex forwarding and spoofing question
>
> On Thu, 8 Oct 2015, Randy Baca wrote:
>
> > Yes, looking at both ends simultaneously. Started a tcpdump on both hosts and
> > I only see my telnet connections. Restarted rsyslog and waited a couple
> > minutes and I see no attempts at all. Doesn't even send a SYN.
>
> and you are sure that you had some messages that your rules would send out this
> connection?
>
> if you change nothing else but the port number, you say that it works?
>
> David Lang
>
> > ________________________________________
> > From: [email protected] [[email protected]] on behalf of David Lang [[email protected]]
> > Sent: Thursday, October 08, 2015 1:23 PM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] Complex forwarding and spoofing question
> >
> > On Thu, 8 Oct 2015, Randy Baca wrote:
> >
> >> That rule works better, but I still cannot get rsyslog to forward on port
> >> 10000. I turned off iptables, I can make a telnet connection to the remote
> >> host on 10000, but rsyslog will not even attempt to connect to the remote host
> >> on 10000. It works just fine if the omfwd port="514" and protocol="tcp".
> >
> > When you say that it doesn't even try on port 10000, are you looking at the
> > sender or the receiver? Since there may be firewalls between the two, you would
> > need to look at the sender.
> >
> > David Lang
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >
>