Unfortunately, there is no general answer to this questions. However, we have learned that in the majority of cases on of the following issues is causing the problem:
- Check the facility EventReporter is using when sending messages
By default, EventReporter sends to the LOCAL_0 facility. This default can be changed with the EventReporter client. Be sure to set it matching to your syslog daemon’s configuration.
- configure your syslog daemon to allow remote message to be received
Some syslog daemons require special configuration to allow logging from remote hosts. For example, the RedHat Linux system requires a “-r” option in order to receive the messages. The file to check in RedHat 6.2 would be /etc/rc.d/init.d/syslog.