Thank you for reporting back.

For posterity (and on your behalf) this thread is now marked [SOLVED].

Quote:

And this is what it actually was

Reverse DNS is broken on the network in question, which causes several problems. One was iptables hanging at a stock rule for Multicast DNS, and because I didn't pay close enough attention and saw the default policies were all ACCEPT, I just "saw" that the firewall wasn't involved. All is well now. Thanks!!!

Look harder for firewall rules? Tcpdump sees packets as they arrive and before iptables so even if iptables is dropping the packets, you will still see them with tcpdump.

Running under the assumption that maybe sysklogd just sucks too much for this to work, I installed rsyslog 3.22.1-3 from the CentOS DVD and configured it. And I'm seeing the same issue... logs from remote devices just aren't being written.

I'm clearly missing something, but every piece of documentation and every post I can find that has anything to do with this assumes that everything just works perfectly at this point. What else could possibly be involved here???

Quote:

No, yes, and yes.

do you have iptables enabled? does tcpdump show udp/514 traffic arriving on the interface?

$sudo iptables -L

will show your current ruleset.

Is 514 listening?

$ sudo lsof -i:514

or $netstat -na | grep 514

CentOS 5.7, sysklogd 1.4.1-46

I added "-r" to /etc/sysconfig/syslog and restarted the syslog service. With tcpdump, I can see that other devices are sending traffic to UDP 514, but nothing is showing up in /var/log/messages, which is where Googling suggests they'll end up without changing /etc/syslogd.conf I'm not finding any other troubleshooting pointers... by all indications, it's supposed to "just work" at this point. Any ideas?