LinuxQuestions.org
Old 09-24-2002, 03:48 AM   #1
dvong3
Member
 
Registered: Sep 2002
Posts: 168

Rep: Reputation: 30
SYSLOG - logging to Remote Host


Hi,

I would like to redirect my VPN event log to my LINUX 7.1 using syslog. The VPN concentrator is set up to send all event logs to 172.16.20.2 (Linux 7.1) but no syslog message is generated. Here's my setup.

- edited /etc/sysconfig/syslog ; SYSLOGD_OPTIONS="-r -m 0"
- edited /etc/syslog.conf; *.* @loghost
- edited /etc/hosts ; ip for loghost
- restart syslog

Can someone out there give me some advice to modify /etc/syslog.conf or install new syslog program?

Dan
 
Old 09-24-2002, 04:22 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
According to man syslogd & man syslog.conf, the @ is used to send to a remote host using the standard syslog service ports.
Putting that into the receiving syslog.conf must forward them away, and the replies to itself, yes?
Unless you have a previous line which creates a file/pipe/~ to store them locally...

Regards,
Peter
 
Old 09-24-2002, 06:15 AM   #3
dvong3
Member
 
Registered: Sep 2002
Posts: 168

Original Poster
Rep: Reputation: 30
Hi Peter,

OK, I removed /etc/syslog.conf; *.* @loghost and /etc/hosts ; ip for loghost. What should I put in syslog.conf? What steps should I take to get the VPN event log forwarded to my Linux box? I tried many scripts but no luck.

Dan
 
Old 09-24-2002, 06:25 AM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
There is a standard *nix syslog service using UDP port 514.
Your VPN hardware needs to be able to use this UDP port.
If it uses another port, you can make a PREROUTING rule in your Linux box's firewall to REDIRECT to port 514.

Add a LOG rule to find out what is being sent to your Linux box.

Regards,
Peter

Last edited by peter_robb; 09-24-2002 at 06:26 AM.
 
Old 09-24-2002, 07:14 AM   #5
dvong3
Member
 
Registered: Sep 2002
Posts: 168

Original Poster
Rep: Reputation: 30
Yes my VPN is using port 514. Here is my VPN set up:

Syslog server- 172.16.10.2
Port- 514
Facility? Local 7 (select syslog facility tag for events sent to server)

Right now, I see messages in /var/log/messages:

Sep 24 04:43:01 172.16.20.100 1156664 09/24/2002 04:35:43.280 SEV=3 HTTP/7 RPT=105 172.16.20.2 HTTP 401 Unauthorized: Authorization Failed

Sep 24 04:43:23 172.16.20.100 1156675 09/24/2002 04:36:05.680 SEV=4 HTTP/47 RPT=42 172.16.20.2 New administrator login: admin.

OK, now I'm able to get messages from the VPN, only the authentication. I was hoping to get the event log that has the outside connection log. I think the parameter needs to be set on the VPN concentrator. How do I move the message log to another directory instead of /var/log/messages? Where can I get info to set up a LOG rule? Sorry, I'm new to Linux, please bear with me.

Dan
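
An added example, not part of any post in this thread: the facility tag set on the sending device (Local 7 above) travels in the `<PRI>` prefix of each UDP datagram, and that facility is what a syslog.conf selector matches on. The sketch below decodes the prefix and builds selector lines that route one facility to its own file; the sample datagram, port 5514, `/var/log/vpn.log`, the `*.info;mail.none` selector and all function names are assumptions made for illustration.

```python
import socket

# Facility codes 0-23 and severities 0-7 as named in syslog.conf selectors.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()
              + [None] * 4 + ["local%d" % i for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the page shows only what syslogd wrote to the file, so the
# <187> prefix (local7 * 8 + err) is an assumed value, not captured traffic.
SAMPLE = (b"<187>1156664 09/24/2002 04:35:43.280 SEV=3 HTTP/7 RPT=105 "
          b"172.16.20.2 HTTP 401 Unauthorized: Authorization Failed")

def decode_pri(datagram):
    """Return (facility, severity, message) from a raw BSD-syslog datagram."""
    text = datagram.decode("ascii", errors="replace")
    end = text.find(">")
    if not text.startswith("<") or not 2 <= end <= 4 or not text[1:end].isdigit():
        raise ValueError("no <PRI> prefix: %r" % text[:20])
    pri = int(text[1:end])
    if pri > 191:  # 23 * 8 + 7 is the highest defined value
        raise ValueError("PRI out of range: %d" % pri)
    facility = FACILITIES[pri >> 3] or "facility%d" % (pri >> 3)
    return facility, SEVERITIES[pri & 7], text[end + 1:].strip()

def route_facility(facility, logfile, messages_selector):
    """syslog.conf lines: facility to its own file, excluded from messages."""
    return ["%s.*\t%s" % (facility, logfile),
            "%s;%s.none\t/var/log/messages" % (messages_selector, facility)]

def listen(port=5514, count=5):
    """Decode the next `count` datagrams. Port 5514 is an arbitrary unprivileged
    choice; 514 needs root and must not already be held by syslogd -r."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    seen = []
    try:
        while len(seen) < count:
            data, (src, _) = sock.recvfrom(4096)
            try:
                seen.append((src,) + decode_pri(data)[:2])
            except ValueError as exc:  # sender is not emitting syslog framing
                seen.append((src, "invalid", str(exc)))
    finally:
        sock.close()
    return seen

if __name__ == "__main__":
    print(decode_pri(SAMPLE)[:2], route_facility("local7", "/var/log/vpn.log", "*.info"))
```
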
 
  


All times are GMT -5.