
Rsyslogd is configured to send remote logs to another port on the same server (a network monitoring tool) and also write them to a file, and the network monitoring tool gets more messages than there are in the file. I can see some remote logs in tcpdump on port 514 and in the network monitoring tool, but not in the log file. I was wondering if the good folks here at ServerFault could provide some clarification on this matter?

SLES 12-sp2 and rsyslogd 8.4.0-16.2

```
$template rem,"/var/log/REMOTE.log"

# Remote Logging
$RuleSet remote
*.* ?rem
# Send messages we receive to Gremlin
*.* @127.0.0.1:9514

# Provides UDP syslog reception
$ModLoad imudp
$InputUDPServerBindRuleset remote
$UDPServerRun 514
```
