I have freshly installed Debian 6. I am trying to get syslog server for a reason, I used to follow manual for this task. I configured /etc/rsyslog.conf on remote client server to send data via udp port 514.
$ModLoad imuxsock
$ModLoad imklog
*.* @server-ip:514
And I also configured server's rsyslog.conf that would accept them.
:source, isequal, "client-host-ip" /var/log/clientlog.log
:source, isequal, "client-host-ip" ~
I checked my firewall settings and it does pass udp 514 but for some reason things are still not working. What I am missing to do?
Best Answer
On server:
Check with netstat -nulp on server.
http://www.rsyslog.com/doc/rsyslog_conf.html
http://www.rsyslog.com/receiving-messages-from-a-remote-system/