Old 06-10-2004, 10:37 AM   #1
LQ Newbie
Registered: Jun 2003
Distribution: RH9, Gentoo, Slack
Posts: 23

Rep: Reputation: 15
sysklogd sending logs out the wrong interface

I tried searching for an answer to this and couldn't find anything, so here goes:

I am trying to set up syslogd (sysklogd to be exact) to send out snort logs to a remote IDS box for filtering, etc.

In /etc/syslog.conf I added the following entry:
auth.*                 @XX.XX.XX.XX
where XX.XX.XX.XX is the remote machine I need to send the logs to.

On the local box I have two interfaces: eth1 with IP This interface is not routable on our network, but it is set up as a spanned port on a managed switch to act as a passive sniffer. eth0 has IP, which is on our local admin LAN and has access to XX.XX.XX.XX.

I also added the following route:
route add XX.XX.XX.XX dev eth0
When I perform a traceroute XX.XX.XX.XX it does what I assume it should, it goes out (the gateway for the admin LAN). However, the remote machine is not receiving any syslogs. When I go to the console and pull up ethereal, perform a scan on eth1, all of the UDP syslog packets are being sent out that interface, instead of eth0, which it desperately needs to go out.

If anyone can help me out with this it would be greatly appreciated.

I decided to reboot the server. When everything came back up and snort was started, I took a look at ethereal. Now syslog packets from the local machine are being sent out both interfaces. If I need to post screenshots, please let me know.

Last edited by slizadel; 06-10-2004 at 10:59 AM.
Old 06-10-2004, 07:13 PM   #2
Registered: Nov 2003
Location: austria
Distribution: debian
Posts: 667

Rep: Reputation: 30
"route add -host xx.xx.xx.xx eth0"
or send in a "route -n" + "ifconfig"

sl mritch.
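
Added example, not part of either post: a Python check that reads `route -n` output (the listing the reply asks for) and reports which interface the main routing table selects for the log host, flagging the case where that is the sniffing interface. The routing tables, the documentation-range addresses and the function names are constructed for illustration; the lookup models longest-prefix match with metric as tie-breaker only, not policy routing.

```python
import ipaddress

# Constructed `route -n` output: default route points out the sensor NIC (eth1).
BEFORE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
198.51.100.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         198.51.100.1    0.0.0.0         UG    0      0        0 eth1
"""
# Constructed row that `route add -host <log host> eth0` would produce.
HOST_ROUTE = "203.0.113.10    0.0.0.0         255.255.255.255 UH    0      0        0 eth0\n"
AFTER = BEFORE + HOST_ROUTE


def parse_route_n(text):
    """Return (network, metric, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(f) != 8 or f[0].count(".") != 3:
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, int(f[4]), f[7]))
    return routes


def egress_interface(routes, dest):
    """Longest-prefix match, ties broken by lowest metric; None if no route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2]


def check_log_path(text, log_host, sensor_iface):
    """Return (iface, ok); ok is False if logs would leave via the sensor NIC."""
    iface = egress_interface(parse_route_n(text), log_host)
    return iface, iface is not None and iface != sensor_iface


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, check_log_path(table, "203.0.113.10", "eth1"))
```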


All times are GMT -5.
