LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 05-11-2007, 04:07 AM   #1
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Rep: Reputation: 15
Syslog Server on RHEL4


Hi Guys,

Just want to ask regarding syslog server, i'ved setup a RHEL4 as a syslog server, and i follow their tutorial on how to accept syslogs from remote, setting SYSLOGD_OPTIONS="-m 0 -r" but for some reasons, i could not manage to make the syslog service to listen on port 514.

Here what i did, I set the value -r on /etc/sysconfig/syslog (see info below)

# THIS FILE IS LOCATED ON /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r -x"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"

After restarting the service by typing service syslog restart, i issue a command netstat -ntlp, i couldn't find any port 514 for syslog. Pls help me guys...

[root@localhost ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8100 0.0.0.0:* LISTEN 3169/python
tcp 0 0 0.0.0.0:199 0.0.0.0:* LISTEN 2904/snmpd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3056/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2798/portmap
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 3173/python
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 3178/python
tcp 0 0 :::22 :::* LISTEN 2955/sshd



gurl4sh25
 
Old 05-11-2007, 04:18 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
firstly, not a networkig question. moved to Linux - Server.

secondly. drop syslogd. use syslog-ng instead, MUCH MUCH better for this. also, splunk is even cooler still...
 
Old 05-11-2007, 04:52 AM   #3
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Original Poster
Rep: Reputation: 15
Ok, sorry for the wrong forum, so is there any step by step tutorial on how to install syslog-ng? and where can i down load this installer for redhat? many thanks
 
Old 05-11-2007, 04:58 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
well plenty of standard documents exist for it, just google. as for a download, google for "syslog-ng el4 rpm" and you're bound to get lucky. probably want the 2.0.3 version out a few weeks ago, but i've not seen rpm's for it yet.
 
Old 05-11-2007, 05:11 AM   #5
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Original Poster
Rep: Reputation: 15
ok, just finish installing it, so how do i make it to accept syslogs? is there any good tutorial for setting up a centralized syslog-ng?
 
Old 05-11-2007, 06:44 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
i end u pusing gentoo guides as they're quite well written and generic, but you can find many many guides online to suit your needs. balabit.com is the syslog-ng home for the ultimate reference.
 
Old 05-11-2007, 06:58 AM   #7
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Original Poster
Rep: Reputation: 15
ok thanks acid_kewpie, but right now i'ved been encountering errors when i do some modification on syslog-ng.conf, i add this line

source local {
unix-stream("/dev/log");
udp();
tcp(ip(0.0.0.0) port(514) max-connections(300));
internal();
};

and when i start the syslog-ng using the command service syslog-ng start, i get an error of...

[root@localhost syslog-ng]# service syslog-ng start
Starting system logger: io.c: bind_inet_socket() bind failed 0.0.0.0:514 Permission denied
Error initializing configuration, exiting.
[FAILED]

but when i remove the line "tcp(ip(0.0.0.0) port(514) max-connections(300));" everything runs smoothly, what i'm trying to do is to run it or listen it on port 514, so that it can accept syslog messages.

Please help..
 
Old 05-11-2007, 07:22 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
wll that's for a source called "local" and in it you're looking to recieve network conenctions from other hosts? not particuarly local is it? ;-) add a seperate log source, e.g. "net" to receive these. you'll most likely want to keep seperate local machine logs from logs being sent to you from other sites, as they are often relating to different things...

that's not the actual problem though. it's probably that syslogd is already running (you will need to uninstall the rpm package for it - rpm -e sysklogd - and restart the service. also check output of "lsof -i UDP:514" to see if anything is currently hooked onto that port (or TCP:514 of course...)
 
Old 05-11-2007, 07:42 AM   #9
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Original Poster
Rep: Reputation: 15
i'ved already uninstalled sysklogd, and have verified that there's no syslog running on the background, i'ved tried to change the line

tcp(ip(0.0.0.0) port(514) max-connections(300));

to

udp(ip(0.0.0.0) port(514) max-connections(300));

and everything seems right and running, but when i change back to tcp, i'ved encountered an error

[root@localhost etc]# service syslog-ng start
Starting system logger: Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Permission denied (13)'
Error initializing source driver; source='s_sys'
[FAILED]


what i really wanted to do is to establish it on a tcp port. seem's a pretty tough one to resolve... =(
 
Old 05-11-2007, 07:49 AM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
well remember firstly that udp is MUCH more common than tpc for syslog. tcp is getting more common, and it may well be you can live purely with tcp, but it's still officially "odd".

as for the problem then... try "tcp(port(514));" and also try port 5140 to see if an ephemeral port works better, shoudln't do though.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Pop3 server for RHEL4 Noodles25 Red Hat 5 04-03-2007 07:36 PM
RHEL4: Server vs Workstation hatuey Red Hat 4 07-25-2006 12:52 PM
LXer: Centralized Syslog Server Using syslog-NG LXer Syndicated Linux News 0 04-28-2006 06:21 PM
Syslog Server Recommendations Yomaoni Linux - Software 3 02-28-2006 03:04 PM
Syslog Server MrJoshua Linux - Software 1 10-26-2005 02:56 PM


All times are GMT -5. The time now is 07:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration