Check If You Have Messages
After that, go back to the System > Inputs page.
Click the Show received messages button next to the appliance-syslog-udp input. You should see only the messages received from your syslog clients.
BOOM! Now that you have messages coming in, this is where the fun starts.
Skip the next section if you are all good.
If You Don’t Have Messages
- Check that you made the proper entries in the rsyslog configuration file.
- Check the syslog UDP input configuration and make sure it is correct. Remember, we changed the default port to 514.
- Check to see if rsyslog messages are being forwarded to the port. You can use the tcpdump command to do this:
$ sudo tcpdump -i lo host 127.0.0.1 and udp port 514
- Check to see if the server is listening on the host:
$ sudo netstat -peanut | grep ":514"
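
The last two checks can be made more precise, since `grep ":514"` also matches TCP sockets and ports such as 5140. The script below is an added example, not part of the original guide: the function names, the `input-check` tag and the sample netstat output are constructed for illustration, and `send_test_message` assumes the util-linux version of `logger`.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Constructed sample of `netstat -peanut` output, used when run without --live.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   User Inode PID/Program name
tcp        0      0 0.0.0.0:514      0.0.0.0:*        LISTEN  0    111   900/rsyslogd
udp        0      0 127.0.0.1:5140   0.0.0.0:*                0    222   901/java
udp        0      0 0.0.0.0:514      0.0.0.0:*                0    333   902/java
udp6       0      0 :::514           :::*                     0    444   902/java'

# Read netstat output on stdin; print every UDP local address bound to exactly
# PORT. Unlike grep ":514", TCP sockets and ports such as 5140 do not match.
udp_listeners() {
    awk -v port="$1" '
        $1 ~ /^udp/ {
            n = split($4, part, ":")   # port is the last ":"-separated field
            if (part[n] == port) print $4
        }'
}

# Send one UDP test message to the input. Assumes util-linux logger
# (-n server, -P port, -d UDP); the tag "input-check" is made up.
send_test_message() {
    logger -n 127.0.0.1 -P 514 -d -t input-check "$1"
}

if [ "${1:-}" = "--live" ]; then
    found=$(sudo netstat -peanut | udp_listeners 514)
    if [ -z "$found" ]; then
        echo "nothing is bound to UDP port 514" >&2
        exit 1
    fi
    echo "UDP 514 bound on:" $found
    send_test_message "test message $(date +%s)"
else
    printf '%s\n' "$SAMPLE_NETSTAT" | udp_listeners 514
fi
```

Run it with `--live` while the tcpdump command above is capturing in another terminal; the test message should appear there and then under Show received messages.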