As I continue to try to troubleshoot this, I tried using a direct ncat connection. If I send "1.1.1.1 hello world" (simulating an IP address and message), the output to the log file is: Apr 6 16:25:41 1 Apr 6 16:25:41 .1.1 hello world
If I send "1\.1\.1\.1 hello world" the output is this: Apr 6 16:26:16 . Apr 6 16:26:16 . Apr 6 16:26:16 . Apr 6 16:26:16 h Apr 6 16:26:16 ello world If I send "myserver.domain.com hello world" the output is this: Apr 6 16:28:28 myserver.domain.com hello world If I send a raw syslog message "<13>Apr 6 14:37:38 1.1.1.1 Test Syslog." I get: Apr 6 14:37:38 1.1.1.1 Test Syslog. So, I go back to the original device that sent the TCP syslog message (an APC UPS) and send another test directly to the server and I see this in the logs: 5015.675372226:7f6ce2981700: imptcp: data(131072) on socket 19: <13>Apr 6 16:36:54 1.1.1.1 APC: Test Syslog.rom o world And in the log I get nothing. On Wed, Apr 6, 2016 at 4:03 PM David Meiser <[email protected]> wrote: > I am trying to setup a generic syslog forwarder that accepts messages on > tcp & udp. Using imptcp, I see messages come in, but no rulesets are > processed. My ruleset, right now, is set to take tcp messages and just > output them to file (for troubleshooting). UDP works fine. > > Here is what I see in debug mode: > 2594.333580185:7fd29ab2b700: imptcp: epoll returned 1 events > 2594.333594886:7fd29ab2b700: imptcp: new connection on listen socket 9 > 2594.334657804:7fd29ab2b700: imptcp: added socket 15 to epoll[8] set > 2594.334670004:7fd29ab2b700: imptcp going on epoll_wait > 2594.334673904:7fd29ab2b700: imptcp: epoll returned 1 events > 2594.334686204:7fd29ab2b700: imptcp: new activity on session socket 15 > 2594.334692604:7fd29ab2b700: imptcp: data(131072) on socket 15: <5>Apr 6 > 15:56:34 user.name: hello world 2594.334701804:7fd29ab2b700: imptcp: > removing socket 15 from epoll[8] set 2594.335235814:7fd29ab2b700: imptcp: > session on socket 15 closed with iRet 0. 2594.335240814:7fd29ab2b700: > imptcp going on epoll_wait > > Here is my config: > module(load="imptcp") > > input( > type="imptcp" > port="514" > ruleset="remote" > ) > > ruleset( > name="remote" queue.workerthreads="4" > queue.filename="srvrfwd" > queue.type="LinkedList" > queue.syncqueuefiles="on" > queue.maxdiskspace="10g" > queue.saveonshutdown="on" > queue.size="10000000" > ) { > action( > type="omfile" > file="/var/log/debug" > ) > } > > I've also tried the sample config from the website: > input(type="imptcp" port="10514" ruleset="writeRemoteData") > ruleset(name="writeRemoteData" queue.type="fixedArray" queue.size="250000" > queue.dequeueBatchSize="4096" queue.workerThreads="4" > queue.workerThreadMinimumMessages="60000" ) { action(type="omfile" > file="/var/log/remote.log" ioBufferSize="64k" flushOnTXEnd="off" > asyncWriting="on") } > > Same issue. > > Any thoughts? > > Thank you, > Dave > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
