rsyslog server listen only on tcp 514

Forum for the RSyslog Windows Agent. Here you can ask all questions regarding installation, configuration or occuring problems.

Moderator: rgerhards

Google Ads


rsyslog server listen only on tcp 514

Postby gidikern » Sun Jan 31, 2016 6:04 pm

'm trying to set rsyslog to listen to tcp messages with port other then 514, however it doesn't work. It works only when using 514 it receives messages

Code: Select all
input(type="imtcp" port="20515" ruleset="test")


ruleset(name="test") {
action(type="omfile" file="/var/log/test")
}


I opened all the ports for tcp and run a test using gnutls-serv and gnutls-cli and it completed the handshake successfully.

Code: Select all
sudo gnutls-cli -d 5 10.0.0.51 -p 20515 --x509cafile="/etc/rsyslog.d/ca.pem" --x509keyfile="/etc/rsyslog.d/client-key.pem" --x509certfile="/etc/rsyslog.d/client-cert.pem"

sudo gnutls-serv --priority=NORMAL -p 20515 --x509cafile="/etc/rsyslog.d/ca.pem" --x509keyfile="/etc/rsyslog.d/server-key.pem" --x509certfile="/etc/rsyslog.d/server-cert.pem"


I also tested the ports using nc and it works fine

Code: Select all
nc 10.0.0.51 20515 # client
nc -l 20515 # server


So the ports are open, why can it be that rsyslog cannot listen on port other then 514?
Last edited by gidikern on Sun Jan 31, 2016 6:28 pm, edited 1 time in total.
gidikern
New
 
Posts: 7
Joined: Wed Jan 20, 2016 4:53 pm

Re: rsyslog server listen only on tcp 514

Postby rgerhards » Sun Jan 31, 2016 6:08 pm

Which is the sender? How is it configured? rsyslog works over any port, so there must be something in either the environment or sender.
rgerhards
Site Admin
 
Posts: 3806
Joined: Thu Feb 13, 2003 11:57 am

Re: rsyslog server listen only on tcp 514

Postby gidikern » Sun Jan 31, 2016 6:33 pm

Client side:
Code: Select all
action(type="omfwd" target="10.0.0.51" Port="20515" protocol="tcp" )


Server side:
Code: Select all
module(load="imtcp")
input(type="imtcp" Port="20515" ruleset="relp")

ruleset(name="relp") {
action(type="omfile" file="/var/log/relptls")
}


I actually work on relp and it work great with cert and tls but agian only on 514. So I test basic tcp and found that it also works only on 514.
I verified that there are no ports problem:

Code: Select all
nc 10.0.0.51 20515 # client
nc -l 20515 # server
gidikern
New
 
Posts: 7
Joined: Wed Jan 20, 2016 4:53 pm

Re: rsyslog server listen only on tcp 514

Postby rgerhards » Sun Jan 31, 2016 6:34 pm

you need to enable TLS settings on the client, also.
rgerhards
Site Admin
 
Posts: 3806
Joined: Thu Feb 13, 2003 11:57 am

Re: rsyslog server listen only on tcp 514

Postby gidikern » Sun Jan 31, 2016 6:39 pm

Currently I reversed the configuration to basic tcp. I don't have issues with tls it works great but only on port 514!
It makes me crazy already :)
gidikern
New
 
Posts: 7
Joined: Wed Jan 20, 2016 4:53 pm

Re: rsyslog server listen only on tcp 514

Postby gidikern » Sun Jan 31, 2016 8:09 pm

I set new local vms and manage to work with ports other then 514.
The VMs I have issue with are AWS ec2 vms.
gidikern
New
 
Posts: 7
Joined: Wed Jan 20, 2016 4:53 pm

Re: rsyslog server listen only on tcp 514

Postby gidikern » Sun Jan 31, 2016 8:44 pm

Solved

The issue was due to SELinux. Should manage it. e.g.
sudo semanage port -a -t syslogd_port_t -p tcp 20514
gidikern
New
 
Posts: 7
Joined: Wed Jan 20, 2016 4:53 pm

Google Ads



Return to Windows Agent

Who is online

Users browsing this forum: No registered users and 0 guests

cron