I'm trying to set up a SLES server to send logs to a remote server via rsyslog.
Rsyslog is installed. I've tried adding *.* @@172.29.39.10:514 to the configuration files /etc/rsyslog.conf and /etc/rsyslog.d/remote.conf. After restarting the service (service rsyslog restart) there isn't any activity on port 514; I checked with netstat -antpu.
There aren't any messages related to rsyslog in /var/log/messages.
Please help!
/etc/sysconfig/syslog is left at its default:
RSYSLOGD_PARAMS=""
Command output: # cat /etc/rsyslog.conf | grep -vE '(#|^$)'
Code:
# Input modules and global settings.
# immark emits periodic "-- MARK --" messages; the period below is in seconds.
$ModLoad immark.so
$MarkMessagePeriod      3600
# imuxsock reads messages that local processes write to the system log socket.
$ModLoad imuxsock.so
# Collapse runs of identical messages into a "repeated n times" summary.
# NOTE(review): this also applies to what is forwarded, so a remote collector
# will not see every repeated event individually.
$RepeatedMsgReduction   on
# imklog reads kernel messages; the level below limits what the kernel prints
# directly to the console.
$ModLoad imklog.so
$klogConsoleLogLevel    1
# Included files are processed at this point, i.e. before every rule that
# follows in this file. A forwarding rule placed in /etc/rsyslog.d/*.conf
# therefore runs ahead of the filter/stop rules further down.
$IncludeConfig /run/rsyslog/additional-log-sockets.conf
$IncludeConfig /etc/rsyslog.d/*.conf
# Console output: write to /dev/tty10 and to the /dev/xconsole pipe
#  - kernel messages of severity warning or higher, unless the text contains
#    both 'IN=' and 'OUT=' (the firewall pattern used elsewhere in this file);
#  - messages of severity error or higher from any facility except authpriv,
#    which keeps authentication messages off the console.
# There is no 'stop' here, so matching messages continue to the rules below.
if      ( \
            /* kernel up to warning except of firewall  */ \
            ($syslogfacility-text == 'kern')      and      \
            ($syslogseverity <= 4 /* warning */ ) and not  \
            ($msg contains 'IN=' and $msg contains 'OUT=') \
        ) or ( \
            /* up to errors except of facility authpriv */ \
            ($syslogseverity <= 3 /* errors  */ ) and not  \
            ($syslogfacility-text == 'authpriv')           \
        ) \
then {
        /dev/tty10
        |/dev/xconsole
}
# Emergency messages are sent to every logged-in user.
*.emerg                                  :omusrmsg:*
# Each block below writes the matching messages to a dedicated file and then
# executes 'stop', which ends processing for that message: no action that
# appears later in this file (local files or remote forwarding) receives it.
# The leading '-' on a file name is the legacy marker for not syncing the file
# after every write.

# Kernel messages containing both 'IN=' and 'OUT=' (packet-filter log lines).
if      ($syslogfacility-text == 'kern') and \
        ($msg contains 'IN=' and $msg contains 'OUT=') \
then {
        -/var/log/firewall
        stop
}
# acpid messages of severity notice or higher.
if      ($programname == 'acpid' or $syslogtag == '[acpid]:') and \
        ($syslogseverity <= 5 /* notice */) \
then {
        -/var/log/acpid
        stop
}
# NetworkManager and its 'nm-' helper programs.
if      ($programname == 'NetworkManager') or \
        ($programname startswith 'nm-') \
then {
        -/var/log/NetworkManager
        stop
}
# Facility/severity selectors writing to local files. A leading '-' on the
# file name is the legacy marker for not syncing after every write; the
# entries without it (mail.err, *.crit) are written without that marker.
mail.*                                  -/var/log/mail
mail.info                               -/var/log/mail.info
mail.warning                            -/var/log/mail.warn
mail.err                                 /var/log/mail.err
news.crit                               -/var/log/news/news.crit
news.err                                -/var/log/news/news.err
news.notice                             -/var/log/news/news.notice
# Warnings and errors from all facilities, plus anything critical or worse.
*.=warning;*.=err                       -/var/log/warn
*.crit                                   /var/log/warn
# Everything except mail and news.
# NOTE(review): authpriv is not excluded here, so authentication messages land
# in /var/log/messages as well; confirm that file's permissions are restrictive.
*.*;mail.none;news.none                 -/var/log/messages
# All local0-local7 facilities share one file.
local0.*;local1.*                       -/var/log/localmessages
local2.*;local3.*                       -/var/log/localmessages
local4.*;local5.*                       -/var/log/localmessages
local6.*;local7.*                       -/var/log/localmessages
# Forward every message that reaches this point to 172.29.39.10 port 514 over
# TCP ("@@"; a single "@" would select UDP).
#
# This host is the sender: rsyslog makes an outbound connection from an
# ephemeral local port and does not listen on 514. In netstat, look for a
# connection whose foreign address is 172.29.39.10:514 rather than a local
# listener. Presumably the connection is only opened once a message is
# actually forwarded -- confirm by sending a test message with logger(1).
#
# Coverage: the firewall, acpid and NetworkManager rules earlier in this file
# end in 'stop', so those messages never reach this line. If packet-filter
# logs are wanted on the collector, the forwarding rule has to come before
# those blocks.
#
# NOTE(review): the post says the same line was also added to
# /etc/rsyslog.d/remote.conf. If both copies are active, messages that get
# this far are forwarded twice; keep one copy only.
#
# NOTE(review): this is plain TCP with no TLS and no peer authentication, so
# log content can be read or altered on the network path, and the collector
# cannot verify the sender. rsyslog can send over TLS through its netstream
# driver support; consider that if the path is not fully trusted.
#
# NOTE(review): no action queue or retry settings are shown, so behaviour when
# the collector is unreachable (message loss or back-pressure) should be
# checked.
*.* @@172.29.39.10:514