<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>F10, rsyslog, and incoming remote logs</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>ALErs -<BR>
<BR>
I've wasted quite a bit of bad language trying to set up '/etc/rsyslog.conf' to receive log messages from other hosts. Please excuse the incoherence here resulting from emotional stress. &amp;8-P)<BR>
<BR>
I uncommented in '/etc/rsyslog.conf' the lines:<BR>
<BR>
# Provides UDP syslog reception<BR>
$ModLoad imudp.so<BR>
$UDPServerRun 514<BR>
<BR>
and restarted the service. No obvious complaints in '/var/log/messages'.<BR>
<BR>
I did find a copy of 'imudp.so' as '/usr/lib/rsyslog/imudp.so' but when I try to see if it can be loaded I get:<BR>
<BR>
insmod: error inserting '/usr/lib/rsyslog/imudp.so': -1 Invalid module format<BR>
<BR>
I don't see how to form a rule to send incoming UDP log traffic on port 514 to anywhere. How can I send such traffic to a single file, say: '/var/log/ext_messages.log'? The only examples I find in the docs concern outgoing traffic to a specific remote server: the reverse of my problem.<BR>
<BR>
Should I need a rule to see such traffic on '/var/log/messages'? I see no traffic at present.<BR>
<BR>
I could try running 'rsyslogd' in "compatibility" mode ('-v2'), but I would rather learn how to set up the configuration for the current version.<BR>
<BR>
(BTW, is 'rsyslogd' really an improvement, or is the problem in the documentation?)<BR>
<BR>
TIA.<BR>
<BR>
- Mills<BR>
</FONT>
</P>
</BODY>
</HTML>