Some days ago I've enabled Syslog but trought UDP. If you want to receive TCP syslog connection on your server, you need to enable TCP connection in your syslog.conf file.
Why did you want to use TCP connections ?
To alert on specific message, I'm using syslog-ng with specific destination for matching message. But I'm currently testing 8pussy.org Syslog frontend...
Thanks for the response. When you enable Syslog, you lose the ability to maintain the Summary Log on the appliance. Because UDP is considered an unreliable protocol, we'd prefer to use TCP. The problem is not receiving the logs--we are able to get them to Rsyslog. The problem is that, because we are receiving syslogs from multiple hosts, we are trying to use Rsyslog to separate IronMail's from the others. Our other feeds include the system name or a unique identifier in each log entry.
1 of 1 people found this helpful
I'm not an rsyslog specialist, but with a quick look in the wiki doc I fund the default format :
$template SyslFormat,"%timegenerated% [WJCG]-%HOSTNAME% %syslogtag%%msg:::space$
Is your rsyslog server resolve the ip address of your appliances ? I now, maybe it's to much simple but some time.... we are not looking in good direction.
psi: I just wanted to post a quick follow up to say thanks for the responses. A coworker of mine has been working on this issue and my understanding is that he came up with a workaround by accepting the raw Syslog feeds and then using another utility to perform the data extraction or parse of the log (outside of Rsyslog). I'm a little fuzzy on the details right now but if I am able to gather additional information on this, I'll post a follow up. Thanks again!