Information: Forum is in read-only mode
For details and other support options see https://www.adiscon.com/news/support-forum-set-to-read-only-mode/

Discussion for KB Entry 6922 - Syslogtag rsyslog-2077

Discussions around Windows Eventlog messages.

Moderator: alorbach

Google Ads


Discussion for KB Entry 6922 - Syslogtag rsyslog-2077

Postby knowledgebase » Tue Mar 29, 2011 12:19 pm

This is the discussion thread for the Knowledge Base Entry 6922

Vendor: Adiscon
Software/Device: rsyslog
Syslogtag: rsyslog-2077
Link to KB Entry

Short Description:
could not bind to port
knowledgebase
Forum Bot
 
Posts: 170
Joined: Wed May 28, 2008 10:09 am

Re: Discussion for KB Entry 6922 - Syslogtag rsyslog-2077

Postby egberts » Fri Dec 16, 2011 12:05 am

This is only if rsyslog is attempting TLS over port 6514/tcp and you are running Secured-Edition Linux (SE-Linux or SELinux),
you'll want to check the current enforcement level security setting:
Code: Select all
# sestatus

If you are in 'enabled' status, and 'enforcing' current mode, then check the /var/log/audit/audit.log for any "avc: denied" error message
Code: Select all
type=AVC msg=audit(9999999999.999:999999): avc:  denied  { name_bind } for  pid=99999 comm="rsyslogd" src=6514 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

And that port 6514 is associated with syslogd_port_t context.
Code: Select all
# semanage port --list | grep 6514

If this is missing, then the following command is needed to allow your rsyslog application to bind to the 6514/tcp port:
Code: Select all
# semanage port -a -t syslogd_port_t -p tcp 6514
egberts
New
 
Posts: 1
Joined: Thu Dec 15, 2011 11:51 pm

Re: Discussion for KB Entry 6922 - Syslogtag rsyslog-2077

Postby jordanpm » Tue Mar 14, 2017 10:48 am

Another potential cause is if the rsyslog.conf contains more than one bind to the same socket. Perhaps because you are using both old and new syntax.
jordanpm
New
 
Posts: 2
Joined: Thu Mar 09, 2017 6:26 pm

Google Ads



Return to Windows Eventlog

Who is online

Users browsing this forum: No registered users and 2 guests

cron