I'm trying to set rsyslog client- server to listen to tcp messages with port other then 514, however it doesn't work. Only when using 514 it receives messages. I'm using EC2 vms.
input(type="imtcp" port="20514" ruleset="test")
ruleset(name="test") {
action(type="omfile" file="/var/log/test")
}
I open all the ports for tcp (using the security group) and run tests both with nc utility (manage to send and receive tcp messages) and gnsutls (gnutls-serv and gnutls-cli and it completed the handshake successfully).
nc 10.0.0.51 20515 # client
nc -l 20515 # server
sudo gnutls-cli -d 5 10.0.0.51 -p 20514 --x509cafile="/etc/rsyslog.d/ca.pem" --x509keyfile="/etc/rsyslog.d/client-key.pem" --x509certfile="/etc/rsyslog.d/client-cert.pem"
sudo gnutls-serv --priority=NORMAL -p 20514 --x509cafile="/etc/rsyslog.d/ca.pem" --x509keyfile="/etc/rsyslog.d/server-key.pem" --x509certfile="/etc/rsyslog.d/server-cert.pem"
So the ports are open, why can it be that rsyslog on EC2 cannot listen on port other then 514?
I made a complete test out of AWS (locall VMs) and it work smoothly
Best Answer
I manage to solve the issue as follows:
The issue was due to SELinux. Should manage it. e.g. sudo semanage port -a -t syslogd_port_t -p tcp 20514