Showing posts with label udp. Show all posts
Showing posts with label udp. Show all posts

Wednesday, January 22, 2014

UDP only rsyslog server and client on Ubuntu

The first thing you'll need to do is install a new version of rsyslog. There's a bug in the version that comes along with Ubuntu 12.04 that prevents rsyslog from listening on a privileged port if you're using drop-privileges. You can read instructions for installing a newer version of rsyslog here. Once you've done that, open up /etc/rsyslog.conf and uncomment the following lines:

#$ModLoad imudp
#$UDPServerRun 514

Restart rsyslog and you're done on the server. Now head over to a client and open up /etc/rsyslog.d/50-default.conf and make the following addition to the top of the file:

*.* @your_server:514

Note that the single @ sign is what designates the sending to UDP only. Restart rsyslog on the server and you can test to see if logs are being sent using the logger command:

logger -t TEST testing