I'm trying to setup log forwarding with rsyslog. I have the line below in my rsyslog.conf file just to test sending logs over.
*.* @<remoteserverIP>:514
I'm trying to send the logs over UDP port 514. However, when I do a netstat, it appears the logs are going over a random port like 6023. The port is different every time I restart the rsyslog daemon. I've checked the firewall and IP tables rules, but I can't find anything setup that would be changing the outbound port. I have another server sending to the same remote syslog server that is working just fine. I'd appreciate any ideas of what I might check to get this working.
Best Answer
It is expected for a client to change, that is, to be an ephemeral port. It is the remote server which should not. There a few services for which this is not the case, most notably
ntp, but such is not the case for syslog.