LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-18-2007, 09:50 PM   #1
noir911
Member
 
Registered: Apr 2004
Location: Baltimore, MD
Posts: 681

Rep: Reputation: Disabled
syslog and TCP


I have an Opensuse 10.3 box running syslog-ng as a loghost and waiting for TCP connections from remote hosts. I tested a suse client to log in there and that works fine.

However: when I try to log a box that only has syslog (not syslog-ng), it doesn't work. I guess this is because syslog on the client box is listeninig on UDP and syslog-ng _can_ listen on TCP.

My question: is there any way I can get syslog.conf to listen to TCP or get
syslog.conf to log message on the syslog-ng box?

I don't have any firewall in between the boxes and nothing in
/etc/hosts.{deny||allow}

Here's the lsof output on the client box for port 514: UDP *:514

Here's the lsof output on the log server for port 514:

syslog-ng 25290 root 3u IPv4 61279 TCP *:514
(LISTEN)

syslog-ng 25290 root 6u IPv4 61282 UDP *:514

Any help would be much appreciated. Thanks
 
Old 12-19-2007, 04:22 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
older syslog implementations can't handle TCP at all, although there are syntactically identical syslogd replacements like rsyslogd which can do it (with a config tweak of course...) but can you not just use syslog-ng anyway? it's more normal to just run syslog-ng on *BOTH* tcp and udp, config for which is totally trivial. within the source that's defining the tcp socket, just copy it and change it to udp.
 
Old 12-19-2007, 08:03 PM   #3
pengaru
LQ Newbie
 
Registered: Dec 2007
Distribution: GNU/Linux
Posts: 9

Rep: Reputation: 0
Why TCP anyways?
 
Old 12-20-2007, 01:38 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
why not? a reliable transport which allows for larger messages much easier, no way to lose messages on the wire and an implicit ability to therefore queue messages on a client for devlierey as and when a tcp connection can be correctly established...
 
Old 01-02-2008, 01:44 AM   #5
noir911
Member
 
Registered: Apr 2004
Location: Baltimore, MD
Posts: 681

Original Poster
Rep: Reputation: Disabled
Thanks for all the help.

I enabled UDP and I can get messages to and from syslog-ng (client/server).
But servers where I have syslog.conf still doesn't work -

I tried the following in /etc/syslog.conf -

*.* @loghost
or
*.* @loghost.domain.com

[ tab delimited ]

I can ping both the hosts and they are in the /etc/hosts file.

Is there anything I am doing wrong? Is there something else I should be looking at?

Thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Accessing TCP flags in TCP packets on Linux using C !! vishamr2000 Programming 2 10-16-2006 09:46 AM
Linux change TCP kernel Parameter for TCP DELAY ACK TICKS linux_mando Linux - Networking 5 08-22-2006 08:20 AM
LXer: Centralized Syslog Server Using syslog-NG LXer Syndicated Linux News 0 04-28-2006 06:21 PM
Woody 3.0 Open Ports 1470/tcp/uaiact 1518/tcp/vpvd What for?How can I remove them? alexxxis Debian 5 07-05-2004 05:18 PM
close port 6000/tcp 515/tcp SchwipSchwap Linux - Newbie 1 09-12-2002 08:24 AM


All times are GMT -5. The time now is 10:27 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration