Hide Forgot
Simple configuration on the client: *.* @loghost produces on the server (loghost) only one single message: 2011-05-03T11:17:52+02:00 data rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="2292" x-info="http://www.rsyslog.com"] (re)start No other syslog messages are forwarded to the server. If I run the client in the debug mode I can see that it does not even try to send anything. Client (data) - RHEL-6 Server (loghost) - RHEL-5.5
(In reply to comment #0) UDP forwarding seems to work for me. Please note that if the configuration on the client really consist only of that one line, rsyslog doesn't have any source of messagess. You need to load some input modules for the daemon to do anything useful, e.g.: $ModLoad imuxsock.so # userspace logging $ModLoad imklog.so # kernel logging If that is not the whole configuration, can you please provide your rsyslog.conf files and the debug mode output? In the debug mode, you should see lines like: 7453.924901200:7f727b51f710: Called action, logging to builtin-fwd 7453.924909973:7f727b51f710: 10.1.2.3:514/udp You can try running tcpdump to see if the messages actually get sent: tcpdump -i <if> udp and host <loghost> Be aware that the forwarded messages still retain their original facility, so they may end up in a different file than /var/log/messages. Therefore you would only see the startup message.
Ooops - my bad. I have forgotten about the modules. Works fine with those two. Sorry for wasting your time - please close this one... Ondrej