MACS Log Collector on RHEL not receiving logs

%3CLINGO-SUB%20id%3D%22lingo-sub-2415520%22%20slang%3D%22en-US%22%3EMACS%20Log%20Collector%20on%20RHEL%20not%20receiving%20logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2415520%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20I'm%20in%20the%20process%20of%20deploying%20a%20new%20log%20collector%20on%20RHEL%207%2C%20I've%20configured%20it%20in%20the%20MCAS%20portal%20and%20deployed%20the%20docker%20container%2C%20I%20can%20see%20it%20as%20connected%20in%20the%20console%20with%20no%20data%20received.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20I've%20forwarded%20the%20logs%20to%20the%20server%20and%20I%20can%20see%20them%20if%20I%20run%20a%20tcpdump%20on%20the%20REHL%20host%2C%20but%20I'm%20not%20seeing%20anything%20in%20the%20container.%20%3CEM%3E%2Fvar%2Fadallom%2Fsyslog%2Frotated%2F514%2F%3C%2FEM%3E%20only%20contains%20the%20%3CEM%3Econfig.json%3C%2FEM%3E%20file%20and%20%3CEM%3E%2Fvar%2Fadallom%2Fdiscoverylogsbackup%3C%2FEM%3E%20is%20empty%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20I%20can%20see%20if%20the%20container%20is%20receiving%20the%20messages%20and%20why%20it's%20not%20processing%20them%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2415520%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Hi I'm in the process of deploying a new log collector on RHEL 7, I've configured it in the MCAS portal and deployed the docker container, I can see it as connected in the console with no data received.

 

Now I've forwarded the logs to the server and I can see them if I run a tcpdump on the REHL host, but I'm not seeing anything in the container. /var/adallom/syslog/rotated/514/ only contains the config.json file and /var/adallom/discoverylogsbackup is empty

 

Is there a way I can see if the container is receiving the messages and why it's not processing them?

0 Replies