After that, you should see the Syslog UDP input appear on the screen.


Click Show received messages button on this screen, and you should have messages at the bottom. It may take a few minutes before you have messages coming in.


BOOM! Now that you have messages coming in, this is where the fun starts.

Skip the next section if you are all good.

If You Don’t Have Messages

  1. Check to see that you made the proper entries in the rsyslog configuration file.
  2. Check the syslog UDP configuration and make sure that is right - remember we changed the default port to 5140.
  3. Check to see if rsyslog messages are being forwarded to the port. You can use the tcpdump command to do this:

$ sudo tcpdump -i lo host and udp port 5140

  1. Check to see if the server is listening on the host:

$ sudo netstat -peanut | grep ":5140"