MonitorWare Knowledge Base

Hello everyone

When logging to a remote machine ("*.* @syslog"), rsyslog also opens a local UDP port. This behviour is not correct.

When looking at the source code, I see that the variable "Forwarding" ist set, when a forwarding option is recognized. If "Forwarding" or "AcceptRemote" is set (line 6049 in syslogd.c), the UDP port is opened.

Without further investigation the code I think that the forwarding Flag is not really needed and should not be used to decide if the local port should be opened or not.

Line 6049 should be:

Code: Select all

if (AcceptRemote) {

Regards

James

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

James,

thanks for the posting. This behaviour is an artefact left over from sysklogd. Many syslog's expect messages to *orginate* from 514 and this is way to do it. Please note that it is the exact same behaviour that the stock syslogds have. We think about changing it (controlled via an option), but at the time being it is somewhat intensional.

I hope this clarifies.

Rainer

Oh, I forgot to mention the code snippet. If you do not open that port, the socket will not be opened and so there will be no open socket available when rsyslogd tries to forward.

Rainer

Hello Rainer

Oh I see... I have not even noticed yet that the stock syslogd opens the UDP Port 514 if forwarding is enabled.

It would be a nice feature to disable the opening of this port. The clients that send their logs to a central server really do not need to listen to that port. I disabled this behaviour in rsyslogd and it's working. The client still can send logs to the remote server.


Regards

James