OK, so it's not iptables rules. Try a tcpdump on the rsyslog box to see if you are
getting any traffic from the SO box.
David Lang
On Mon, 1 Feb 2016, Brad Cox wrote:
Date: Mon, 1 Feb 2016 08:09:33 -0500
From: Brad Cox <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Logs from remote server not making it to Elastic Search
The proto-cluster (rsyslog) is Xubuntu latest (14.x.y). Security Onion server
and clients are Ubuntu latest (syslog-ng). Both are VMware VMs on a Mac host.
root@localhost:/var/log# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Dr. Brad J. Cox Cell: 703-594-1883 Skype: dr.brad.cox
On Feb 1, 2016, at 8:06 AM, David Lang <[email protected]> wrote:
What distro is this? Have you checked iptables rules?
iptables -L -n
David Lang
On Mon, 1 Feb 2016, Brad Cox wrote:
Re earlier, I think the difference was we were getting logs from the rsyslog
server then (local) traffic. When I removed that, it showed we were not
receiving remote logs, then or now. But still no idea why.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.