LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-10-2017, 02:42 AM   #1
businesscat
Member
 
Registered: Jun 2017
Location: Spain
Distribution: RedHat 6.9 /Centos 8
Posts: 42

Rep: Reputation: Disabled
add listen port 514 for syslog


Hi everyone!

I need configure one host to keep the logs of other hosts. But when I try to do that...some issues appear...

How can I add the port 514 to LISTEN on IPTABLES?

My iptables:

Code:
[root@MACHINE1]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

My netstat:

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      2887/snmpd          
tcp        0      0 127.0.0.1:39084             0.0.0.0:*                   LISTEN      2760/pbx_exchange   
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2645/portmap        
tcp        0      0 0.0.0.0:753                 0.0.0.0:*                   LISTEN      2691/rpc.statd      
tcp        0      0 0.0.0.0:1556                0.0.0.0:*                   LISTEN      2760/pbx_exchange   
tcp        0      0 127.0.0.1:1557              0.0.0.0:*                   LISTEN      2760/pbx_exchange   
tcp        0      0 0.0.0.0:13782               0.0.0.0:*                   LISTEN      2950/bpcd           
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2908/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      3008/sendmail: acce 
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      16772/0             
tcp        0      0 0.0.0.0:13724               0.0.0.0:*                   LISTEN      2947/vnetd          
tcp        0      0 127.0.0.1:58975             127.0.0.1:39084             ESTABLISHED 2947/vnetd          
tcp        0      0 127.0.0.1:58977             127.0.0.1:39084             ESTABLISHED 2950/bpcd           
tcp        0      0 127.0.0.1:39084             127.0.0.1:58975             ESTABLISHED 2760/pbx_exchange   
tcp        0      0 127.0.0.1:39084             127.0.0.1:58977             ESTABLISHED 2760/pbx_exchange   
tcp        0    300 172.30.190.6:22             10.59.200.29:55011          ESTABLISHED 16767/sshd: x000804 
udp        0      0 0.0.0.0:161                 0.0.0.0:*                               2887/snmpd          
udp        0      0 0.0.0.0:747                 0.0.0.0:*                               2691/rpc.statd      
udp        0      0 0.0.0.0:750                 0.0.0.0:*                               2691/rpc.statd      
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2645/portmap

Thanks in advance
 
Old 08-10-2017, 05:03 AM   #2
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
I don't think iptables is the problem, since it allows everything. Netstat shows nothing listeningon 514. Even if iptables blocked everything, if you configure something to listen on a certain port, it will still show up in netstat.

So, you need to configure the syslog daemon on each client to send the output to port 514 and the IP of the remote machine. Then you have to configure the syslog daemon on the remote machine to receive the output of the other machines. Usually enabling remote logging will take care of the details.
 
Old 08-10-2017, 05:31 AM   #3
businesscat
Member
 
Registered: Jun 2017
Location: Spain
Distribution: RedHat 6.9 /Centos 8
Posts: 42

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by AwesomeMachine View Post
I don't think iptables is the problem, since it allows everything. Netstat shows nothing listeningon 514. Even if iptables blocked everything, if you configure something to listen on a certain port, it will still show up in netstat.

So, you need to configure the syslog daemon on each client to send the output to port 514 and the IP of the remote machine. Then you have to configure the syslog daemon on the remote machine to receive the output of the other machines. Usually enabling remote logging will take care of the details.
You´re right. The issue was the status of service syslog-ng. When I started the service, it works:


Code:
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      2887/snmpd          
tcp        0      0 127.0.0.1:39084             0.0.0.0:*                   LISTEN      2760/pbx_exchange   
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2645/portmap        
tcp        0      0 0.0.0.0:753                 0.0.0.0:*                   LISTEN      2691/rpc.statd      
tcp        0      0 0.0.0.0:1556                0.0.0.0:*                   LISTEN      2760/pbx_exchange   
tcp        0      0 127.0.0.1:1557              0.0.0.0:*                   LISTEN      2760/pbx_exchange   
tcp        0      0 0.0.0.0:13782               0.0.0.0:*                   LISTEN      2950/bpcd           
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2908/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      3008/sendmail: acce 
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      17748/0             
tcp        0      0 0.0.0.0:13724               0.0.0.0:*                   LISTEN      2947/vnetd          
tcp        0      0 127.0.0.1:58975             127.0.0.1:39084             ESTABLISHED 2947/vnetd          
tcp        0      0 127.0.0.1:58977             127.0.0.1:39084             ESTABLISHED 2950/bpcd           
tcp        0      0 127.0.0.1:39084             127.0.0.1:58975             ESTABLISHED 2760/pbx_exchange   
tcp        0      0 127.0.0.1:39084             127.0.0.1:58977             ESTABLISHED 2760/pbx_exchange   
tcp        0    300 172.30.190.6:22             10.59.200.29:60432          ESTABLISHED 17743/sshd: x000804 
udp        0      0 0.0.0.0:514                 0.0.0.0:*                               17265/syslog-ng     
udp        0      0 0.0.0.0:161                 0.0.0.0:*                               2887/snmpd          
udp        0      0 0.0.0.0:747                 0.0.0.0:*                               2691/rpc.statd      
udp        0      0 0.0.0.0:750                 0.0.0.0:*                               2691/rpc.statd      
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2645/portmap

udp 0 0 0.0.0.0:514 0.0.0.0:* 17265/syslog-ng

I need sleep, thank you! I appreciate your time and sorry for my stupid mistake.
 
  


Reply

Tags
iptables, syslog


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
rsyslog is not listening on port 514 sam_nyc Linux - Newbie 4 01-03-2014 12:14 AM
Send a UDP Syslog packet with Source Port set to 514 fjkum Programming 1 01-26-2010 03:53 PM
Syslog not binding to 514 awilisch Linux - Server 2 06-28-2008 07:54 AM
Testing message to SyslogD UDP port 514. Zepiroth Linux - Server 0 09-01-2006 12:13 AM
port 520 and 514. SHould I block these ports? cevjr Linux - Security 1 05-11-2004 12:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration