-1

I have a central syslog server (Windows Server 2012 R2) running Kiwi Syslog Server that isn't receiving logs from a client (CentOS 7).

The client's rsyslog.conf configuration looks like this:

*.info;mail.none;authpriv.none;cron.none                /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# ### begin forwarding rule ###
# Remote Logging (we use TCP for reliable delivery)
#
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.*  @@cloudDC:514

Where cloudDC is the name of the logging server.

I have verified:

  • logs are being printed to /var/log/messages
  • TCP and UDP 514 are open on server
  • Server can display logs from localhost
  • Client and server can reach each other

I'm stumped. Any ideas?

willbo

1 Answer

0

Start by running tcpdump on both boxes and see if a session is actually started and go from there.

Dovid Bender
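The check suggested in the answer, sketched for the CentOS client as an added example that is not part of the original posts: capture the forwarder's TCP traffic to port 514 and classify what the handshake shows. The `classify_capture` function, its verdict names, the `-i any` interface, the 30-second timeout and the sample capture lines (documentation addresses) are assumptions made for this illustration.

```shell
# Added example: classify a `tcpdump -nn` text capture of the rsyslog TCP forward.
# Live use on the client, as root (cloudDC is the server name from the question):
#   timeout 30 tcpdump -l -nn -i any 'tcp port 514 and host cloudDC' | classify_capture
#   logger -p user.info "rsyslog forward test"     # from a second terminal

classify_capture() {
    # Reads tcpdump text on stdin and prints exactly one verdict.
    awk '
        /\.514: Flags \[S\]/        { syn = 1 }     # client -> server SYN
        /\.514 > .*: Flags \[S\.\]/ { synack = 1 }  # server -> client SYN-ACK
        /\.514 > .*: Flags \[R/     { rst = 1 }     # server reset the attempt
        /\.514: Flags \[P/          { data = 1 }    # client pushed syslog payload
        END {
            if (data)        print "data-sent"       # delivery works; look at the server input/filters
            else if (synack) print "handshake-only"  # connected, but no message left the client
            else if (rst)    print "refused"         # nothing accepting TCP 514 on the server
            else if (syn)    print "syn-unanswered"  # SYN dropped: firewall, routing or wrong address
            else             print "no-traffic"      # rsyslog never tried: config not loaded, DNS, SELinux
        }
    '
}

# Constructed sample captures (192.0.2.0/24 is a documentation range).
SAMPLE_REFUSED='10:15:01.100000 IP 192.0.2.10.40112 > 192.0.2.20.514: Flags [S], seq 100, win 29200, length 0
10:15:01.100400 IP 192.0.2.20.514 > 192.0.2.10.40112: Flags [R.], seq 0, ack 101, win 0, length 0'

SAMPLE_DROPPED='10:15:01.100000 IP 192.0.2.10.40112 > 192.0.2.20.514: Flags [S], seq 100, win 29200, length 0
10:15:02.102000 IP 192.0.2.10.40112 > 192.0.2.20.514: Flags [S], seq 100, win 29200, length 0'

SAMPLE_OK='10:15:01.100000 IP 192.0.2.10.40112 > 192.0.2.20.514: Flags [S], seq 100, win 29200, length 0
10:15:01.100400 IP 192.0.2.20.514 > 192.0.2.10.40112: Flags [S.], seq 500, ack 101, win 8192, length 0
10:15:01.100500 IP 192.0.2.10.40112 > 192.0.2.20.514: Flags [.], ack 501, win 229, length 0
10:15:01.200000 IP 192.0.2.10.40112 > 192.0.2.20.514: Flags [P.], seq 101:180, ack 501, win 229, length 79'

printf '%s\n' "$SAMPLE_REFUSED" | classify_capture
printf '%s\n' "$SAMPLE_DROPPED" | classify_capture
printf '%s\n' "$SAMPLE_OK"      | classify_capture
```

Running the same capture on the server side shows whether the client's SYN arrives there at all, which separates a network drop from a listener problem.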