So, playing with centralized logging, and I just cannot get syslogd to send the messages to a remote syslog server.
Background:
Syslog server is set up and working, tested with other devices sending logs into it.
Networking: both server and client reside in the same subnet, firewalls are off on the server, and from what I can tell Ubuntu has no firewall configured. Tested 514 open on the server from the client and get a successful connection.
Setup/test process:
syslogd didn't seem to exist on my install, so I installed it:
sudo apt-get install -y inetutils-syslogd
Modified the config file in /etc/syslogd.conf to include 2 lines:
*.* /home/lee/test
*.* @10.120.1.20
Saved and reloaded syslogd by sending the hangup signal:
killall -s SIGHUP syslogd
Testing with the logger function:
logger "test"
This inserts lines into the local file, but nothing gets to the server.
Tried setting up a tcpdump on 512 outbound to see if anything is going through:
tcpdump -n -s 1500 -X port 514 -w /home/lee/tcpdump.pcap
The file is empty. Tried tracing the PID as such:
strace -s 500 -tfp 188341 -o /home/lee/strace_syslog
The output of the file indicates it sees the test messages and writes to some outputs, but nothing seems to indicate writing out to the remote syslog address...
1446 10:27:52 restart_syscall(<... resuming interrupted poll ...>) = 1
1446 10:28:03 recvfrom(21, "<13>May 18 10:28:03 lee: test", 1024, 0, 0x7ffd918070e0, [110->0]) = 29
1446 10:28:03 rt_sigprocmask(SIG_BLOCK, [HUP ALRM], [], 8) = 0
1446 10:28:03 writev(22, [{iov_base="May 18 10:28:03", iov_len=15}, {iov_base=" ", iov_len=1}, {iov_base="ubuntu-docker", iov_len=13}, {iov_base=" ", iov_len=1}, {iov_base="lee: test", iov_len=9}, {iov_base="\n", iov_len=1}], 6) = 40
1446 10:28:03 writev(20, [{iov_base="May 18 10:28:03", iov_len=15}, {iov_base=" ", iov_len=1}, {iov_base="ubuntu-docker", iov_len=13}, {iov_base=" ", iov_len=1}, {iov_base="lee: test", iov_len=9}, {iov_base="\n", iov_len=1}], 6) = 40
1446 10:28:03 writev(11, [{iov_base="May 18 10:28:03", iov_len=15}, {iov_base=" ", iov_len=1}, {iov_base="ubuntu-docker", iov_len=13}, {iov_base=" ", iov_len=1}, {iov_base="lee: test", iov_len=9}, {iov_base="\n", iov_len=1}], 6) = 40
1446 10:28:03 writev(6, [{iov_base="May 18 10:28:03", iov_len=15}, {iov_base=" ", iov_len=1}, {iov_base="ubuntu-docker", iov_len=13}, {iov_base=" ", iov_len=1}, {iov_base="lee: test", iov_len=9}, {iov_base="\n", iov_len=1}], 6) = 40
1446 10:28:03 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
1446 10:28:03 poll([{fd=3, events=POLLIN|POLLPRI}, {fd=21, events=POLLIN|POLLPRI}], 2, -1) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
1446 10:28:10 --- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
1446 10:28:10 alarm(30) = 0
1446 10:28:10 rt_sigreturn({mask=[]}) = -1 EINTR (Interrupted system call)
1446 10:28:10 poll([{fd=3, events=POLLIN|POLLPRI}, {fd=21, events=POLLIN|POLLPRI}], 2, -1) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
1446 10:28:40 --- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
1446 10:28:40 alarm(30) = 0
1446 10:28:40 rt_sigreturn({mask=[]}) = -1 EINTR (Interrupted system call)
What have I missed???
I just cannot get it to output to a remote host... From my testing I am confident that it is a configuration issue in /etc/syslogd.conf, but I cannot see what!
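Added example, not part of the original post: a small Python check that reads a trace in the layout `strace -tf -o FILE` writes and reports, for each syslog message the daemon received, which local descriptors it was written to and whether any datagram was sent to a remote collector. The function names, the sample trace and the address 192.0.2.10 are constructed for illustration, and the check assumes forwarding would appear as `sendto` or `sendmsg` calls.

```python
import re

# Constructed sample in the layout written by `strace -tf -o FILE` (pid, time, call).
# 192.0.2.10 is a documentation address, not a host from the post.
SAMPLE_TRACE = r'''
1446 10:28:03 recvfrom(21, "<13>May 18 10:28:03 lee: test", 1024, 0, 0x7ffd918070e0, [110->0]) = 29
1446 10:28:03 writev(22, [{iov_base="May 18 10:28:03", iov_len=15}, {iov_base="lee: test", iov_len=9}], 2) = 24
1446 10:28:03 poll([{fd=3, events=POLLIN|POLLPRI}], 1, -1) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
1446 10:28:09 recvfrom(21, "<13>May 18 10:28:09 lee: again", 1024, 0, 0x7ffd918070e0, [110->0]) = 30
1446 10:28:09 writev(22, [{iov_base="May 18 10:28:09", iov_len=15}, {iov_base="lee: again", iov_len=10}], 2) = 25
1446 10:28:09 sendto(5, "<13>May 18 10:28:09 lee: again", 30, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("192.0.2.10")}, 16) = 30
'''

CALL = re.compile(r'^\d+\s+\S+\s+(\w+)\((.*)\)\s+=\s+(-?\d+)')
MSG = re.compile(r'^\d+, "(<\d+>(?:[^"\\]|\\.)*)"')
DEST = re.compile(r'sin_port=htons\((\d+)\).*?inet_addr\("([^"]+)"\)')

def trace_deliveries(trace):
    """Pair each syslog message the daemon received with the writes and sends that follow it."""
    records, current = [], None
    for line in trace.splitlines():
        call = CALL.match(line)
        if not call or int(call.group(3)) < 0:
            continue  # signals, interrupted calls ("= ?") and failed calls deliver nothing
        name, args = call.group(1), call.group(2)
        if name == "recvfrom":
            msg = MSG.match(args)
            if msg:  # a new message arrived on the log socket
                current = {"message": msg.group(1), "local_fds": [], "remote": []}
                records.append(current)
        elif current is None:
            continue
        elif name in ("write", "writev"):  # assumed to be file, console or pipe output
            current["local_fds"].append(int(args.split(",", 1)[0]))
        elif name in ("sendto", "sendmsg"):  # datagram leaving for a remote collector
            dest = DEST.search(args)
            current["remote"].append((dest.group(2), int(dest.group(1))) if dest else None)
    return records

def local_only(records):
    """Messages that reached local outputs but were never sent over the network."""
    return [r["message"] for r in records if not r["remote"]]

if __name__ == "__main__":
    for rec in trace_deliveries(SAMPLE_TRACE):
        print(rec["message"], "-> fds", rec["local_fds"], "remote", rec["remote"] or "NONE")
```

A message returned by `local_only` has the same shape as the trace in the post: `writev` calls to local descriptors and no send to port 514.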
If you want to force your local syslogd to forward messages, restart it with