rsyslogd not storing remote logging information

Question

I have a rsyslogd on Ubuntu 14.0.1:

$ModLoad imtcp
$InputTCPServerRun 514
$template FILENAME,"/var/log/%fromhost%/syslog.log"
*.* ?FILENAME

If if run

logger -p local0.crit -n 10.240.157.116 -u /dev/null test

On a remote machine, I can see the syslog packet on the rsyslogd-server using tcpdump:

15:43:43.586827 IP 10.240.180.245.37261 > 10.240.157.116.514: SYSLOG local0.critical, length: 33

However, no log is written on the rsyslogd-server for the remote host. The local logs are written as expected to /var/log/rsyslogd-server-hostname/bla

score 0 · Accepted Answer · answered Mar 17 '15 at 07:45

According to the man page for logger, '-n ' will send a UDP packet, which is what you appear to be seeing in tcpdump (only one packet, not a TCP handshake etc).

Your rsyslogd configuration is only expecting input on TCP (InputTCPServerRun).

You probably want:

$ModLoad imudp 
$UDPServerRun 514

rsyslogd not storing remote logging information

1 Answers1