LinuxQuestions.org
Old 09-17-2011, 11:01 AM   #1
Chenchu
syslog remote logging with rsyslog server


Hello,

I'm running 2 machines, one Red Hat 6 and one CentOS 5.
The Red Hat machine runs rsyslog, and it functions as the server,
and the CentOS 5 machine runs syslog and functions as the client.

Here is what I changed in /etc/rsyslog.conf on Red Hat:
Code:
# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514

And this is what I changed in /etc/syslog.conf on CentOS:
Code:
*.info                             @192.168.0.6

192.168.0.6 is Red Hat's IP.

Now when I tested it with SELinux, it looks like SELinux blocks the syslog daemon from contacting the rsyslog server, so I disabled SELinux, but it is still not working. Any ideas?

Last edited by Chenchu; 09-17-2011 at 11:34 AM. Reason: solved
 
Old 09-17-2011, 11:06 AM   #2
anomie
Have you restarted the syslog service on both hosts after the changes? And how are you testing? Try something like (on the CentOS host):
Code:
$ logger -p kern.info 'Just me testing'

If that is not appearing in the RHEL6 logs, are you filtering inbound traffic on that host? You'll need to open up UDP 514 to at least allow from the CentOS host's IP.
 
Old 09-17-2011, 11:34 AM   #3
Chenchu
Thank you for the quick answer.

I did restart both syslog daemons, but I forgot to shut down the firewall & SELinux on the server side (Red Hat).

After doing so, I tested it and it works.

Thanks again.
 
Old 09-17-2011, 01:34 PM   #4
unSpawn
Quote:
Originally Posted by Chenchu
I forgot to shut down the firewall & SELinux on the server side (Red Hat).

Even for testing, disabling the firewall is completely unnecessary: just punch the right source / destination hole through the firewall. The same goes for SELinux: if it has any effect on Rsyslog then you'll find clues and remedies in /var/log/messages and /var/log/audit/audit.log.
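
The two suggestions in the last reply, sketched as an added example that is not part of any poster's message: a firewall rule scoped to one sender instead of a disabled firewall, and a check of audit.log for SELinux denials involving rsyslogd. The sender address 192.0.2.10 is a placeholder (the thread never gives the CentOS host's IP), the function names are hypothetical, and the audit lines are constructed.

```shell
#!/bin/sh
# Added example. CLIENT_IP is a placeholder: the thread never gives the
# CentOS sender's address. Function names are hypothetical.
CLIENT_IP="${CLIENT_IP:-192.0.2.10}"

# Print (do not execute) an iptables rule admitting syslog from one sender.
# -I inserts at the top of INPUT so the rule is evaluated before any
# catch-all REJECT/DROP rule further down the chain.
syslog_allow_rule() {   # $1 = sender IP, $2 = udp|tcp, $3 = port
    case "$2" in
        udp|tcp) ;;
        *) echo "unsupported protocol: $2" >&2; return 1 ;;
    esac
    printf 'iptables -I INPUT -s %s -p %s --dport %s -j ACCEPT\n' "$1" "$2" "$3"
}

# Summarise SELinux denials for rsyslogd found in an audit log, one line
# per denial: "<permission> <object class> <target context>".
rsyslog_denials() {     # $1 = path to an audit.log file
    awk '/type=AVC/ && /denied/ && /comm="rsyslogd"/ {
        perm = ""; tclass = ""; tctx = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{")         perm   = $(i + 1)
            if ($i ~ /^tclass=/)   tclass = substr($i, 8)
            if ($i ~ /^tcontext=/) tctx   = substr($i, 10)
        }
        print perm, tclass, tctx
    }' "$1"
}

# Constructed audit.log lines (not from the thread's hosts): a receiver
# bound to a non-default TCP port, plus unrelated records to be ignored.
sample_audit_log() {
    cat <<'EOF'
type=SYSCALL msg=audit(1316277000.101:88): arch=c000003e syscall=49 success=no exit=-13 comm="rsyslogd" exe="/sbin/rsyslogd"
type=AVC msg=audit(1316277000.101:88): avc:  denied  { name_bind } for  pid=1532 comm="rsyslogd" src=10514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1316277042.555:91): avc:  denied  { read } for  pid=2210 comm="httpd" name="secret" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
EOF
}

syslog_allow_rule "$CLIENT_IP" udp 514        # rule to review, then run as root
log=$(mktemp) && sample_audit_log > "$log"
rsyslog_denials "$log"                        # on a real host: /var/log/audit/audit.log
rm -f "$log"
```
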
 
  

