Hello, thank you for any suggestions as to why the data is not captured in /var/log/messages.
Data sent from a separate host on same subnet via:
logger -p daemon.warn "to cpsyslog01 testing-d1023-t1855 - on tcp 601" --tcp --port 601 --server 172.16.130.19
Attachment shows data received on the syslog host port 601. Including here the
raw pcap file and also as viewed in Wireshark.
Regards,
glenn
From: Peter Viskup <[email protected]>
Sent: Friday, October 23, 2020 12:23 AM
To: rsyslog-users <[email protected]>
Cc: Walton, Glenn <[email protected]>
Subject: Re: [rsyslog] Rsyslog issue - when imptcp & imtcp/TLS on same system -
imptcp messages received in Rsyslogd not added to log file
Hello Glenn,
On Thu, Oct 22, 2020 at 11:26 PM Walton, Glenn via rsyslog
<[email protected]> wrote:
Questions:
1. It's my understanding when configuring TLS with imtcp module that imptcp
should be used to provide a plain unencrypted TCP listener; is there a better
alternative, or any specific guidelines for this scenario?
Yes - you are right. It was already discussed some time ago.
http://rsyslog-users.1305293.n2.nabble.com/Mix-of-GTLS-and-PTCP-listeners-running-same-instance-tc7591434.html
The following bug report is related.
https://github.com/rsyslog/rsyslog/issues/3727
2. With imptcp in place, is there some extra configuration needed to cause
these incoming events to be written to the log file (/var/log/messages)?
No extra configuration options are required.
One of the reasons why you do not see the messages in /var/log/messages is they
are of debug syslog priority. Send the message examples you see on the wire
(running tcpdump).
--
Peter
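As an added example (not part of the original thread and not rsyslog's own code), this Python check reads the PRI value from a syslog frame as it appears in a capture and tests it against a traditional facility.priority selector. The sample frame, the hostname `sender01` and the selector `*.info;mail.none;authpriv.none;cron.none` are assumptions constructed for illustration, not taken from the poster's capture or configuration; the `=` and `!` selector modifiers are not handled.

```python
import re

# Facility codes 0-23; codes 12-15 get placeholder names (f12..f15) in this example.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "f12 f13 f14 f15 local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample: what a daemon.warn message could look like on the wire.
SAMPLE_FRAME = (b"<28>1 2020-10-23T18:55:00+00:00 sender01 user - - - "
                b"to cpsyslog01 testing-d1023-t1855 - on tcp 601\n")
# Assumed selector for /var/log/messages (not the poster's actual rule).
ASSUMED_SELECTOR = "*.info;mail.none;authpriv.none;cron.none"

def parse_pri(frame: bytes):
    """Return (facility, severity) names from the <PRI> field of a frame.

    Accepts newline-framed messages and octet-counted ones ("LEN <PRI>...").
    """
    m = re.match(rb"(?:\d+ )?<(\d{1,3})>", frame)
    if not m or int(m.group(1)) > 191:
        raise ValueError("frame does not start with a valid <PRI>")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector: str, facility: str, severity: str) -> bool:
    """Evaluate 'fac[,fac].prio;...': prio means that severity or more urgent,
    positive parts add to the match, and a later 'none' clears the facility."""
    sev = SEVERITIES.index(severity)
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            matched = False
        elif prio == "*" or sev <= SEVERITIES.index(ALIASES.get(prio, prio)):
            matched = True
    return matched

def would_log(frame: bytes, selector: str) -> bool:
    """True if the frame's PRI passes the selector."""
    return selector_matches(selector, *parse_pri(frame))

if __name__ == "__main__":
    print(parse_pri(SAMPLE_FRAME), would_log(SAMPLE_FRAME, ASSUMED_SELECTOR))
```

Run it against the first bytes of each captured message and the selector actually in use on the receiving host to see whether priority filtering explains a missing entry.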

