Join Log in
Score:0
Leenold avatar Ubuntu

Rsyslog not listening to UDP ports on Ubuntu 20.04

ae flag
Leenold

I have configured an Ubuntu 20.04 as my syslog server, to receive logs from Cisco Meraki. This should then send to Microsoft Sentinel SIEM.

My issue is that Rsyslog is not listening to UDP port 514 or any other UDP port. It is listening to TCP only. I can not use TCP because the firewall (Cisco Meraki) can only send Syslog as UDP.

I have configured the /etc/rsyslog.conf file as follows:

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
 

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

When I run this command netstat -tupln | grep LISTEN

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      562/systemd-resolve 
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      1377/rsyslogd       
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      682/sshd: /usr/sbin 
tcp        0      0 0.0.0.0:22033           0.0.0.0:*               LISTEN      794/ruby            
tcp6       0      0 :::514                  :::*                    LISTEN      1377/rsyslogd       
tcp6       0      0 :::22                   :::*                    LISTEN      682/sshd: /usr/sbin

May you please help me resolve this.

157
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.