LinuxQuestions.org
04-27-2002, 04:29 PM   #1
sts_cat
LQ Newbie
 
Registered: Mar 2001
Location: US West Coast
Distribution: RH
Posts: 18

Remote logging


A basic question:

I'd like to set up a remote log server. I edited syslog.conf on the client as appropriate, changing default settings such as /var/log/messages to @LOGHOSTNAME. On the log server I edited /etc/sysconfig/syslog, changing SYSLOGD_OPTIONS="-m 0" to SYSLOGD_OPTIONS="-rm 0" which should allow the daemon to receive remote logs.

The log server is not receiving remote logs, and I noticed that port 514 is not open. Do I just need to open this port, and if so, how?

Thanks!
 
04-30-2002, 06:05 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Did you make sure to restart the syslogd daemon? Usually something like /etc/init.d/syslog stop then do a start... not sure though without knowing what distro you're using.

To open port 514 on the remote system, not sure what distro you're using but like in Slackware is what I use... I would check the /etc/services file, in which port 514 is used for syslog.
Also make sure the system you're sending the log to doesn't have any firewall rules set up, like ipchains for example. If it does, you'll have to have port 514 open and allowed to pass through.

Last edited by trickykid; 04-30-2002 at 06:13 PM.
 
04-30-2002, 08:26 PM   #3
sts_cat
LQ Newbie
 
Registered: Mar 2001
Location: US West Coast
Distribution: RH
Posts: 18

Original Poster
Thanks Tricky!

You know I had tried those good suggestions, and was about to give up when the problem 'magically' went away. By the way, both boxes are RH 7.2.

Actually I think I must not have been taking actions on the log client that would generate a write to the server. Since port 514 was not open and I was sure that it had to be, I thought there must have been some other problem.

Thanks to snort, I learned that the logs are received on the non-well-known and randomly chosen ports, not 514. This is contrary to what I had read. It seems to work out better this way though, as you can have no services running on dedicated ports. Adding a few chains/tables rules on top of that, the log server becomes much harder to detect from scanning programs.

Ahhhh, it's always such a relief when something that should work, actually does.
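
An added example, not part of any post in this thread: a loopback check of the remote-logging path discussed above, building a BSD-syslog datagram, delivering it over UDP, and comparing that with what a TCP connect probe of the same port number reports. It assumes the stock syslogd, whose -r option receives over UDP (the syslog 514/udp entry in /etc/services); an unprivileged port on 127.0.0.1 stands in for 514, and the tag and message text are constructed.

```python
import socket

# Facility and severity names in their numeric order (PRI = facility*8 + severity).
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + [f"reserved{n}" for n in range(12, 16)]
              + [f"local{n}" for n in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def build_message(facility, severity, tag, text):
    """Encode a BSD-syslog datagram of the form <PRI>tag: text."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{tag}: {text}".encode("ascii")

def parse_message(datagram):
    """Split a received datagram into (facility, severity, rest)."""
    raw = datagram.decode("ascii", errors="replace")
    if not raw.startswith("<") or ">" not in raw[:5]:
        raise ValueError("missing <PRI> header")
    pri_text, rest = raw[1:].split(">", 1)
    pri = int(pri_text)
    if not 0 <= pri < len(FACILITIES) * 8:
        raise ValueError("PRI out of range")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], rest

def tcp_port_open(host, port):
    """TCP connect probe, the kind of check a TCP port scan makes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1.0)
        return s.connect_ex((host, port)) == 0

def loopback_check():
    """Deliver one message over UDP, then report what a TCP probe sees."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as receiver:
        receiver.bind(("127.0.0.1", 0))  # assumption: stand-in for 514/udp
        receiver.settimeout(2.0)
        host, port = receiver.getsockname()
        probe = build_message("authpriv", "notice", "logtest", "remote logging probe")
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
            sender.sendto(probe, (host, port))
        datagram, _ = receiver.recvfrom(1024)
        return parse_message(datagram), tcp_port_open(host, port)

if __name__ == "__main__":
    print(loopback_check())
```

On a real log server the equivalent check looks at UDP sockets (for example `netstat -uln`) and at the firewall rules for UDP 514, then confirms that a test message from the client lands in the server's log file.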
 
  

