LinuxQuestions.org
Old 06-09-2010, 07:37 PM   #1
alee
LQ Newbie
 
Registered: May 2008
Posts: 28

Rep: Reputation: 15
Configuring syslog and sending file to server


I have a firewall, where I have configured syslog (firewall is acting as syslog CLIENT).

There is another machine which is acting as syslog server.

I have configured syslog with stunnel according to the following site
http://www.stunnel.org/examples/syslog-ng.html

For easiness, right now I have disabled all firewalls using the command
Code:
service iptables stop
Now I am looking at my messages using the command
Code:
tail -f /var/log/messages
and it is constantly displaying that syslog-ng - Connection Failed; connection refused (111)

I am not sure how to solve this issue, since both machines are pinging properly and all firewalls (on both machines) are stopped.
 
Old 06-10-2010, 01:58 AM   #2
saifkhan123
Member
 
Registered: Apr 2009
Distribution: Red Hat/CentOS
Posts: 108

Rep: Reputation: 19
It seems like some kind of conflict. Make sure that only one syslog daemon is running on your syslog server, i.e. the OS has a built-in syslog daemon running; you have to stop that built-in daemon to run your syslog-ng properly. Kindly tell us your OS, please?

Last edited by saifkhan123; 06-10-2010 at 02:01 AM.
 
Old 06-10-2010, 02:49 AM   #3
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
Just to be sure, you know that syslog and syslog-ng are 2 different systems. You need to have them both installed and running as a daemon on both server and client. And if you have followed the tutorial, then you need to open up port 514/tcp for localhost and 5140/tcp for all other clients on your server in iptables. On your clients you have to do something similar.
 
Old 06-10-2010, 04:34 AM   #4
saifkhan123
Member
 
Registered: Apr 2009
Distribution: Red Hat/CentOS
Posts: 108

Rep: Reputation: 19
Quote:
Originally Posted by Blue_Ice
Just to be sure, you know that syslog and syslog-ng are 2 different systems. You need to have them both installed and running as a daemon on both server and client. And if you have followed the tutorial, then you need to open up port 514/tcp for localhost and 5140/tcp for all other clients on your server in iptables. On your clients you have to do something similar.
OP has mentioned that he has turned off the firewalls, so there is no point in opening the ports as the firewalls are off. The 2nd thing is that I don't think that syslog and syslog-ng can run together as a daemon, at least not in Redhat or CentOS. You have to turn off the syslog first so that syslog-ng can take control of the system logs.
 
Old 06-10-2010, 04:59 AM   #5
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
Quote:
Originally Posted by saifkhan123
OP has mentioned that he has turned off the firewalls, so there is no point in opening the ports as the firewalls are off. The 2nd thing is that I don't think that syslog and syslog-ng can run together as a daemon, at least not in Redhat or CentOS. You have to turn off the syslog first so that syslog-ng can take control of the system logs.
I am running CentOS 5.4 and both syslog and syslog-ng are running at the same time. So in my opinion it is very well possible. Anyway, for what the OP wants he needs syslog-ng and not syslog.
Maybe the OP's firewall is turned off, but he is talking about that iptables is stopped for simplicity. Therefore it is good to mention what is required for syslog-ng to be open. I think syslog-ng is not running, which will cause a connection refused.
 
Old 06-10-2010, 12:22 PM   #6
alee
LQ Newbie
 
Registered: May 2008
Posts: 28

Original Poster
Rep: Reputation: 15
How can I check if syslog and syslog-ng are running or not?

I am using Fedora 10.
 
Old 06-10-2010, 02:16 PM   #7
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
Type the following at the terminal and press enter:
Code:
ps aux | grep syslog
This should return something like:
Code:
root      1885  0.0  0.0   5908   656 ?        Ss   19:46   0:01 syslogd -m 0
root      2207  0.1  0.1  15344  1608 ?        Ss   19:47   0:06 syslog-ng -p /var/run/syslog-ng.pid
50000     4201  0.0  0.0  61160   740 pts/0    S+   21:15   0:00 grep syslog
 
Old 06-10-2010, 06:35 PM   #8
alee
LQ Newbie
 
Registered: May 2008
Posts: 28

Original Poster
Rep: Reputation: 15
Should I kill syslogd then? Or which one?
 
Old 06-10-2010, 11:54 PM   #9
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
No, you don't need to kill syslogd, just make sure that syslog-ng is running.
 
Old 06-11-2010, 03:13 PM   #10
alee
LQ Newbie
 
Registered: May 2008
Posts: 28

Original Poster
Rep: Reputation: 15
Okay, I have tested. On both machines, syslog-ng is running from the command
Code:
ps aux | grep syslog
Then I ran the stunnel and I am still getting the same error, i.e. connection being refused. I have made sure that iptables rules are flushed out and iptables are OFF .. .. and both machines are pinging each other properly .. :s

Btw, there is an error that I always see whenever I run my syslog-ng conf file
Code:
2010.06.11 15:36:15 LOG7[23280:3079190320]: Snagged 64 random bytes from /root/.rnd
2010.06.11 15:36:15 LOG7[23280:3079190320]: Wrote 1024 new random bytes to /root/.rnd
2010.06.11 15:36:15 LOG7[23280:3079190320]: RAND_status claims sufficient entropy for the PRNG
2010.06.11 15:36:15 LOG7[23280:3079190320]: PRNG seeded successfully
file /etc/stunnel/stunnel.conf line 6: Specified option name is not valid here
And here is my stunnel.conf file

Code:
client=yes
cert=/etc/stunnel/syslog-ng-client.pem
CAfile=/etc/stunnel/syslog-ng-server.pem
verify=3
[5140]
   accept = 127.0.0.1:514
   connect = 192.168.1.10:5140
 
Old 06-11-2010, 03:24 PM   #11
alee
LQ Newbie
 
Registered: May 2008
Posts: 28

Original Poster
Rep: Reputation: 15
Okay, I checked one more thing on both my machines.

I ran the following command to see if the ports are open or not

Code:
netstat -nap | grep 514
and it returned
Code:
tcp    0    0 0.0.0.0:514            0.0.0.0:*            LISTEN        4255/rsyslogd
tcp    0    0 :::514                 :::*                 LISTEN        4255/rsyslogd
udp    0    0 0.0.0.0:514            0.0.0.0:*            LISTEN        4255/rsyslogd
udp    0    0 :::514                 :::*                 LISTEN        4255/rsyslogd
I think rsyslogd is built on top of the syslog thing. Do I have to shut it implicitly to run syslogd? Or is it okay if it is running there?
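
An added example, not part of the thread or any poster's code: a stricter version of the `netstat -nap | grep 514` check above that matches the port exactly and names the process holding it, so a port in the stunnel chain (514 and 5140 in the posted stunnel.conf) can be classified as held by the expected daemon, free, or taken by another one. The sample lines are constructed from the output in the post, and the expected process names (`stunnel`, `syslog-ng`) are assumptions about how netstat labels those daemons.

```shell
#!/bin/sh
# Constructed sample shaped like the `netstat -nap` output in the post.
# The last line is an added decoy: `grep 514` would match its PID (5140).
SAMPLE='tcp    0    0 0.0.0.0:514      0.0.0.0:*    LISTEN    4255/rsyslogd
tcp    0    0 :::514           :::*         LISTEN    4255/rsyslogd
tcp    0    0 127.0.0.1:25     0.0.0.0:*    LISTEN    5140/sendmail'

# listener_for PORT
# Reads `netstat -nap` text on stdin and prints the program name(s) that
# hold a TCP LISTEN socket on exactly PORT.
listener_for() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # port follows the last colon (IPv4 and IPv6)
            if (a[n] == port) {
                split($7, p, "/")      # PID/Program column
                print (p[2] != "" ? p[2] : "unknown")
            }
        }' | sort -u
}

# check_tunnel_port PORT EXPECTED
# Prints "ok" if EXPECTED holds PORT, "free" if nothing listens there
# (a client connecting to it gets "connection refused"), or
# "conflict:<program>" if a different daemon has the port.
check_tunnel_port() {
    owner=$(listener_for "$1")
    if [ -z "$owner" ]; then
        echo "free"
    elif [ "$owner" = "$2" ]; then
        echo "ok"
    else
        echo "conflict:$owner"
    fi
}

# Stand-alone run against the constructed sample. On a live host use:
#   netstat -nap | check_tunnel_port 514 stunnel
for spec in "514 stunnel" "5140 stunnel"; do
    set -- $spec
    printf 'port %s (expect %s): %s\n' "$1" "$2" \
        "$(printf '%s\n' "$SAMPLE" | check_tunnel_port "$1" "$2")"
done
```
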
 
  


All times are GMT -5.