Happen to have any experience forwarding logs to a remote server from rsyslogd on Ubuntu 10.04 LTS?

Jameson F

I'm attempting to forward logs from an Ubuntu 10.04 LTS server running rsyslogd to a Windows Server 2008 R2 server running GFI EventsManager 2012 (12.0.0).

I've included the following line in /etc/rsyslog.d/50-default.conf (at the beginning) on the Ubuntu server:

*.* @@<IPAddressOfWindowsServer>:514

Prior to that I also tried including the following in /etc/rsyslog.conf (at the end):

$WorkDirectory /var/spool/rsyslog/work # default location for work (spool) files

$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionQueueMaxDiskSpace 1g # limit queue size to 1 GB
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
*.* @@<IPAddressOfWindowsServer>:514

I restarted rsyslogd after each configuration change using the following command:

sudo service rsyslog reload

The Ubuntu server's firewall is enabled, but it is allowing outbound traffic by default. GFI EventsManager's built-in syslog server is configured to accept logs on TCP port 514. An event source has been configured in GFI using the hostname of the Ubuntu server. Windows Firewall is allowing traffic to TCP port 514 from the Ubuntu server. Firewall logging is enabled on the Windows server, and is logging both dropped packets and successful connections.

Local logging on the Ubuntu server is functioning normally, but rsyslogd doesn't seem to be sending logs to EventsManager. The Windows Firewall log does not show any connection attempts from the Ubuntu server. And, obviously, EventsManager isn't receiving or processing any logs from the Ubuntu server.

I've read everything I can find regarding forwarding logs using rsyslogd including the links below. Everything appears to be configured correctly, but it's not working.

Any ideas? Any help would be greatly appreciated.
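
For a setup like the one described in the post, probing the collector independently of rsyslogd separates a network or listener problem from an rsyslog configuration problem. The following is an added example, not part of the original post: it builds one RFC 3164 message and sends it over plain TCP with LF framing, reporting which stage failed. The function names, the tag `probe` and the message text are assumptions chosen for illustration.

```python
import socket
import sys
import time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_rfc3164(facility, severity, hostname, tag, text, when=None):
    """Return one BSD-syslog (RFC 3164) message, LF-terminated for plain TCP."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    t = time.localtime() if when is None else when
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with a space-padded day of month.
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    pri = facility * 8 + severity  # e.g. user.notice = 1*8 + 5 = 13
    line = "<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, text.replace("\n", " "))
    return line.encode("utf-8") + b"\n"

def probe_tcp_syslog(host, port, payload, timeout=5.0):
    """Try to deliver payload; return (ok, detail) naming the stage that failed."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return False, "connect timed out (packets dropped somewhere on the path)"
    except ConnectionRefusedError:
        return False, "connection refused (nothing listening on that TCP port)"
    except OSError as exc:
        return False, "connect failed: %s" % exc
    try:
        sock.sendall(payload)
        sock.shutdown(socket.SHUT_WR)  # signal end of stream to the receiver
    except OSError as exc:
        return False, "connected, but send failed: %s" % exc
    finally:
        sock.close()
    return True, "connected and sent %d bytes" % len(payload)

if __name__ == "__main__":
    # Usage: python probe.py <collector-address> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    msg = build_rfc3164(1, 5, socket.gethostname(), "probe", "forwarding test")
    print(probe_tcp_syslog(host, port, msg))
```

A successful probe that shows up in the receiver's firewall log while rsyslogd's own traffic does not points at the rsyslog side; a timeout or refusal points at the path or the listener.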