I'd like to set up a remote log server. I edited syslog.conf on the client as appropriate, changing default settings such as /var/log/messages to @LOGHOSTNAME. On the log server I edited /etc/sysconfig/syslog, changing SYSLOGD_OPTIONS="-m 0" to SYSLOGD_OPTIONS="-rm 0" which should allow the daemon to receive remote logs.
The log server is not receiving remote logs, and I noticed that port 514 is not open. Do I just need to open this port, and if so, how?
Did you make sure to restart the syslogd daemon? Usually something like /etc/init.d/syslog stop, then do a start... Not sure though without knowing what distro you're using.
To open port 514 on the remote system: not sure what distro you're using, but Slackware is what I use. I would check the /etc/services file, in which port 514 is used for syslog.
Also make sure the system you're sending the log to doesn't have any firewall rules set up, like ipchains for example. If it does, you'll have to have port 514 open and allowed to pass through.
You know I had tried those good suggestions, and was about to give up when the problem 'magically' went away. By the way, both boxes are RH 7.2.
Actually I think I must not have been taking actions on the log client that would generate a write to the server. Since port 514 was not open and I was sure that it had to be, I thought there must have been some other problem.
Thanks to snort, I learned that the logs are received on the non-well-known and randomly chosen ports, not 514. This is contrary to what I had read. It seems to work out better this way though, as you can have no services running on dedicated ports. Adding a few chains/tables rules on top of that, the log server becomes much harder to detect from scanning programs.
Ahhhh, it's always such a relief when something that should work, actually does.
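An added example, not part of any post in this thread: a test sender and receiver for checking that a remote-logging path delivers a message, which also records the source and destination ports of the datagram as the receiver sees them. The function names are hypothetical, a kernel-assigned loopback port stands in for 514/udp so the script runs without root, and the sample message is constructed.

```python
import re
import socket

# BSD syslog datagram: "<PRI>" followed by the text, where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.S)
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_pri(datagram):
    """Split a syslog datagram into (facility, severity, text)."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a syslog datagram")
    pri = int(m.group(1))
    fac = pri >> 3
    facility = FACILITIES[fac] if fac < len(FACILITIES) else "facility%d" % fac
    return facility, SEVERITIES[pri & 7], m.group(2).decode("ascii", "replace")


def forward_once(line, facility=1, severity=6, listen_port=0):
    """Send one test message to a stand-in log server; return what the server saw."""
    # Stand-in for a syslogd started with -r: a UDP socket bound to one fixed port.
    # listen_port=0 lets the kernel choose it (assumption made so no root is needed).
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", listen_port))
    server.settimeout(2.0)
    dst = server.getsockname()
    # Test sender: this socket is never bound, so its source port is kernel-assigned.
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        client.sendto(b"<%d>%s" % (facility * 8 + severity, line.encode("ascii")), dst)
        data, src = server.recvfrom(1024)
    finally:
        client.close()
        server.close()
    fac, sev, text = decode_pri(data)
    return {"src_port": src[1], "dst_port": dst[1], "facility": fac,
            "severity": sev, "text": text}


if __name__ == "__main__":
    # Constructed sample message, not taken from the thread.
    print(forward_once("Jan  1 00:00:00 client test: remote logging check"))
```

Because the transport is UDP, a TCP connect test against the log server says nothing about whether it is accepting remote messages; sending a real datagram and checking for it on the receiving side does.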