redhat 4 and redhat 5 syslog clients sending UDP syslog traffic to an rsyslog server on redhat 6

What's the best way to monitor for UDP syslog traffic coming in from a redhat 4 and redhat 5 syslog clients if it's not arriving at the syslog server. The syslog server is running on a Redhat 6 server. netstat -taulpe | grep syslog is showing that UDP is listening on all IP's on the server but I'd like to see if there is any other way apart from running  tcpdump -i <nic> port 514. Would watch lsof -a -i:514 show it?
lolaferrariAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
I prefer tshark + tcpdump will do.

Just because you see a UDP port listener... doesn't mean packets are flowing...

Tip: Do an iptables -F on both machines (sender + receiver) + retest. If syslog (well, really rsyslog is sure what's really in use) works, then this means you have a firewall problem at one end. Just restart your firewall on one machine + retest. Once you figure out where the problem resides, you can open up the correct port on the correct machine.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Security

From novice to tech pro — start learning today.