NXLog search
Let's talk Start free
Let's talk Start free

Syslog message not getting written to file

Tags:
#1 horstp

I set up a new port (2514/TCP) to receive logs messages from VMware Workspace One.

I notice this new port was not writing the log messages to the file specified. (Other ports for other products work fine)

I can see the messages come in when I run tcpdump, but they do not end up getting written to a file.

When I looked at the /var/log/nxlog/nxlog.log file, I noticed a LOT of messages like this:

2021-07-07 22:44:31 INFO connection accepted from 10.42.32.149:60599

2021-07-07 22:44:31 WARNING TCP connection closed from 10.42.32.149:60599: End of file found

I tried to google the error, but could not fine anything about it.

My config file includes this:

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input vmwarelogtcp>
    Module      im_tcp
    Port        2514
    Host        0.0.0.0
    Exec        parse_syslog();
</Input>

<Output vmwareout>
    Module      om_file
    File        "/log/SYSLOG_vmwarelog/VMWARELOG_" + $Hostname + ".log"
    CreateDir   TRUE
    Exec        to_syslog_bsd();
</Output>

<Route 3>
    Path        vmwarelogtcp => vmwareout
</Route>

Any ideas?

Thank you

Permalink
#2 rafDeactivated Nxlog ✓
#1 horstp
I set up a new port (2514/TCP) to receive logs messages from VMware Workspace One. I notice this new port was not writing the log messages to the file specified. (Other ports for other products work fine) I can see the messages come in when I run tcpdump, but they do not end up getting written to a file. When I looked at the /var/log/nxlog/nxlog.log file, I noticed a LOT of messages like this: 2021-07-07 22:44:31 INFO connection accepted from 10.42.32.149:60599 2021-07-07 22:44:31 WARNING TCP connection closed from 10.42.32.149:60599: End of file found I tried to google the error, but could not fine anything about it. My config file includes this: <Extension _syslog> Module xm_syslog </Extension> <Input vmwarelogtcp> Module im_tcp Port 2514 Host 0.0.0.0 Exec parse_syslog(); </Input> <Output vmwareout> Module om_file File "/log/SYSLOG_vmwarelog/VMWARELOG_" + $Hostname + ".log" CreateDir TRUE Exec to_syslog_bsd(); </Output> <Route 3> Path vmwarelogtcp => vmwareout </Route> Any ideas? Thank you

Hi,

so, it looks like the connection with VMWare is made:

2021-07-07 22:44:31 INFO connection accepted from 10.42.32.149:60599

but this suggests the connection is closed by the same party:

2021-07-07 22:44:31 WARNING TCP connection closed from 10.42.32.149:60599: End of file found.

I'd suggest checking VMWare conf first - maybe there's something in VMWare's logs?

Best regards,
Rafał
Login to see more