Hey Chris, Here is the output of "netstat -n". It does not have 514
netstat -n | grep 514 unix 3 [ ] STREAM CONNECTED 30472 @/tmp/.ICE-unix/25149 unix 3 [ ] STREAM CONNECTED 73514 unix 3 [ ] STREAM CONNECTED 23293 @/tmp/.ICE-unix/25149 Thanks, Eshwar On Thu, Apr 26, 2018 at 5:32 PM, Chris via rsyslog < [email protected]> wrote: > Have you tried netstat -n | grep 514 just to make sure netstat is > outputting numbers insted of service names? Worth a look. > > On Wed, Apr 25, 2018, at 10:00 PM, eswar472 via rsyslog wrote: > > Hi, > > > > I am trying to test remote logging between two ubuntu machines. In the> > ubuntu machine which i wanted to make it as server, i changed the > > /etc/rsyslog.conf as below. After that i restarted service with "sudo> > service rsyslog restart" then checked netstat. I dont see 514 port > > is open.> As per some suggestions in internet i tried with ports 10514 > and > > 20514, but> no luck. > > > > Commands I executed after changing configuration file > > > > rreddy@rreddy-node2:~$ sudo service rsyslog restart > > rsyslog stop/waiting > > rsyslog start/running > > rreddy@rreddy-node2:~$ netstat | grep 514 > > unix 3 [ ] STREAM CONNECTED 30472 > > @/tmp/.ICE-unix/25149 > > unix 3 [ ] STREAM CONNECTED 73514 > > unix 3 [ ] STREAM CONNECTED 23293 > > @/tmp/.ICE-unix/25149 > > > > > > Below is the content of my /etc/rsyslog file > > > > # /etc/rsyslog.conf Configuration file for rsyslog. > > # > > # For more information see > > # /usr/share/doc/rsyslog- > > # doc/html/rsyslog_conf.html> # > > # Default logging rules can be found in /etc/rsyslog.d/50- > > # default.conf> > > > > ################# > > #### MODULES #### > > ################# > > > > $ModLoad imuxsock # provides support for local system logging > > $ModLoad imklog # provides kernel logging support > > #$ModLoad immark # provides --MARK-- message capability > > > > # provides UDP syslog reception > > $ModLoad imudp > > $UDPServerRun 514 > > > > # provides TCP syslog reception > > $ModLoad imtcp > > $InputTCPServerRun 514 > > > > $AllowedSender TCP, 127.0.0.1, 10.22.42.115 > > $template Incoming-logs,"/var/log/test.log" > > > > ########################### > > #### GLOBAL DIRECTIVES #### > > ########################### > > > > # > > # Use traditional timestamp format. > > # To enable high precision timestamps, comment out the following line.> # > > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > > > > # Filter duplicated messages > > $RepeatedMsgReduction on > > > > # > > # Set the default permissions for all log files. > > # > > $FileOwner syslog > > $FileGroup adm > > $FileCreateMode 0640 > > $DirCreateMode 0755 > > $Umask 0022 > > $PrivDropToUser syslog > > $PrivDropToGroup syslog > > > > # > > # Where to place spool and state files > > # > > $WorkDirectory /var/spool/rsyslog > > > > # > > # Include all config files in /etc/rsyslog.d/ > > # > > $IncludeConfig /etc/rsyslog.d/*.conf > > > > > > Can you help me in finding what is wrong with this configuration. > > > > Thank you, > > Eshwar > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by > > a myriad> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT > POST if you> DON'T LIKE THAT. > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
