Video Screencast Help

rsyslog with SSIM

Created: 11 Oct 2012 | 5 comments
        I have a question, rsyslog works fine with SSIM ?
        I configured my rsyslog to send logs to SSIM Server, by the way, the messages are categorized as Generic Syslog Collector and not as UNIX (R) OS Event Collector.
        I made the same configuration using syslog and it works.
        What's could be wrong?
Thanks in advance

Comments 5 CommentsJump to latest comment

Avkash K's picture

yes rsyslog works fine with SSIM.

By default, you need to check whether you have configured your UNIX Event collector to receive the logs.

If the logs are not parsed by the UNIX collector, it will be parsed by Generic syslog collector.


Avkash K's picture
OK Avkash K
    I configured the UNIX Event Collector, but the messages are parsed just by Generic syslog Collector.
Laurent_c's picture

It is a signature issue with redirector.

could you post sample event that goes to the generic syslog rather than Unix collector ?'s picture
So, I  removed all configurations and  a new installation Linux Agent and Unix Syslog, but nothing changed.
Right now, do not log about in my SSIM Server.
I tested trying to logon using wrong password and logs are send but don't show nothing in my queries
14:08:22.850739 IP 192.168.X.Y.38433 > 172.16.A.B.10525: UDP, length 148
14:08:24.755148 IP 192.168.X.Y.38433 > 172.16.A.B.10525: UDP, length 95
14:08:30.008516 IP 192.168.X.Y.38433 > 172.16.A.B.10525: UDP, length 97
14:08:30.021954 IP 192.168.X.Y.38433 > 172.16.A.B.10525: UDP, length 99
My Client = 192.168.X.Y
My Server = 172.16.A.B 
Ps.: There are normal comunication between servers.
I configured my rsyslog.conf on UDP port 514 and 10525 to test.
My Linux client kernel = 2.6.32-131.2.1.el6.x86_64
Laurent_c's picture

could you enalbe the generic syslog event collector and enable raw event logging.

Then could you post a sample of these raw events ? (you ahve a field called raw_event)

This is certainly a signature configuration if they reach the generic syslog.