03-03-2011, 11:21 AM
|
#1
|
Member
Registered: Jan 2009
Posts: 101
Rep:
|
Centos Syslog Issue
I'm currently on CentOS and I'm trying to stop syslogd from listening on port 514. I've tried removing the -r option from the /etc/sysconfig/syslog file but it fails to work. Has anyone any ideas?
Thanks in advance...
|
|
|
|
03-03-2011, 12:00 PM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Did you 'kill -HUP' syslogd?
|
|
|
03-03-2011, 12:02 PM
|
#3
|
LQ Guru
Registered: Apr 2005
Location: /dev/null
Posts: 5,818
|
Take a look in /etc/init.d/sysklogd.conf and see if the -r option is being used.
|
|
|
03-03-2011, 12:27 PM
|
#4
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Rep:
|
Which CentOS version? I browsed through the syslogd(8) manpages on RHEL 4 and 5. Apart from what you already tried, I don't see an obvious option for doing this. (FreeBSD has some baked-in options for just this sort of thing.)
I'd be curious to see which options your syslogd is currently running with:
Code:
$ ps -ef | grep [s]yslogd
|
|
|
03-03-2011, 03:31 PM
|
#5
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by anomie
Code:
$ ps -ef | grep [s]yslogd
|
You mean 'pgrep syslog'?
Quote:
Originally Posted by corp769
/etc/init.d/sysklogd.conf
|
You mean /etc/sysconfig/syslog? /etc(/rc.d)/init.d/ is for SysV init scripts.
|
|
|
03-03-2011, 03:50 PM
|
#6
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Rep:
|
Quote:
Originally Posted by unSpawn
You mean 'pgrep syslog'?
|
Nyet! I want to see the options (in the process table listing), not the PID.
|
|
|
03-03-2011, 05:55 PM
|
#7
|
Moderator
Registered: May 2001
Posts: 29,415
|
Ah, 'pgrep -l syslog' :-]
|
|
|
03-04-2011, 10:58 AM
|
#8
|
Moderator
Registered: May 2001
Posts: 29,415
|
Uh 'pgrep -lf syslog'!
|
|
2 members found this post helpful.
|
03-10-2011, 11:57 AM
|
#9
|
Member
Registered: Jan 2009
Posts: 101
Original Poster
Rep:
|
In the end I found that even when I ran syslogd without any options it still opened a listening socket on 514/udp.
To stop this I commented out the syslog line from the /etc/services file and restarted syslogd.
|
|
|
03-10-2011, 12:30 PM
|
#10
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by felix001
To stop this I commented out the syslog line from the /etc/services file and restarted syslogd.
|
As long as I have run Linux I have not ever seen any relation whatsoever between having /etc/services entries and enabling a service like that in syslogd:
Code:
]# getent services syslog
syslog 514/udp
syslog-conn 601/tcp # Reliable Syslog Service
syslog-conn 601/udp # Reliable Syslog Service
syslog-tcp 1514/tcp # TCP-based Rsyslog
]# netstat -anulpe|awk -F'/' '/:/ {print $NF}'|sort -u|xargs
dhclient ntpd pdnsd
so I strongly doubt that was the "solution".
|
|
|
03-10-2011, 02:53 PM
|
#11
|
Member
Registered: Jan 2009
Posts: 101
Original Poster
Rep:
|
As soon as I removed that line and restarted, syslogd reported an error about not being able to assign a socket and started.
From what I have read, the /etc/services file is used to determine the port of syslogd, though normally I just remove the -r option from /etc/sysconfig/syslog to disable remote logging.
Either way, I tested this on another server and it certainly does work:
Code:
[root@server ~]# netstat -an | grep 514
udp 108324 0 0.0.0.0:514 0.0.0.0:*
[root@server ~]# sed -i 's/^syslog */#syslog/g' /etc/services
[root@server ~]# service syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
[root@server ~]# netstat -an | grep 514
[root@server ~]#
|
|
|
03-10-2011, 04:45 PM
|
#12
|
Moderator
Registered: May 2001
Posts: 29,415
|
You haven't posted any 'pgrep -lf syslog' nor any 'cat /etc/*syslog*.conf' output to corroborate what you think you see. I remain one hundred percent unconvinced still.
|
|
|
03-10-2011, 07:15 PM
|
#13
|
Member
Registered: Jan 2009
Posts: 101
Original Poster
Rep:
|
OK, I finally found what was causing the confusion. If you enable the @[host] statement within the /etc/syslog.conf file it enables remote logging.
Code:
[root@Fileserver ~]# cat /etc/*syslog*.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
*.* /var/log/messages
[root@Fileserver ~]# pgrep -lf syslog
21248 syslogd -x -m 0
[root@Fileserver ~]# netstat -an | grep 514
[root@Fileserver ~]# echo "*.* @10.1.1.203" >> /etc/syslog.conf
[root@Fileserver ~]# /etc/init.d/syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
[root@Fileserver ~]# netstat -an | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:*
[root@Fileserver ~]# pgrep -lf syslog
21273 syslogd -x -m 0
[root@Fileserver ~]# cat /etc/*syslog*.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
*.* /var/log/messages
*.* @10.1.1.203
|
|
|
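The thread ends with two separate reasons for syslogd to hold a 514/udp socket: the -r option and an @host forwarding rule in /etc/syslog.conf. The script below is an added example, not code from any poster, that checks a host's configuration for both; the function names are hypothetical, SYSLOGD_OPTIONS is assumed to be the variable set in /etc/sysconfig/syslog, and the sample files (including 192.0.2.9) are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report why sysklogd would hold a
# 514/udp socket, using the two causes discussed above.

# Print forwarding targets: active rules whose action field starts with '@'.
forward_targets() {
    awk 'NF >= 2 && $1 !~ /^#/ && $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

# Succeed if SYSLOGD_OPTIONS in the sysconfig file contains -r.
# The option string follows the syslogd(8) synopsis, so "-f/etc/r.conf"
# or "-rx" are parsed as options instead of being pattern-matched.
has_remote_flag() {
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$1" | tr -d "\"'")
    set -- $opts
    OPTIND=1
    while getopts ":a:df:hl:m:np:rs:vx" opt; do
        [ "$opt" = r ] && return 0
    done
    return 1
}

# $1 = syslog.conf path, $2 = sysconfig path
explain_udp514() {
    targets=$(forward_targets "$1" | tr '\n' ' ')
    if has_remote_flag "$2"; then
        [ -n "$targets" ] && echo "receive+forward" || echo "receive"
    elif [ -n "$targets" ]; then
        echo "forward-only"
    else
        echo "none"
    fi
}

# Constructed sample files mirroring the last post in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' '# comment' '#*.* @192.0.2.9' 'authpriv.* /var/log/secure' \
    '*.* /var/log/messages' '*.* @10.1.1.203' > "$demo_dir/syslog.conf"
printf '%s\n' 'SYSLOGD_OPTIONS="-x -m 0"' > "$demo_dir/sysconfig"
echo "targets: $(forward_targets "$demo_dir/syslog.conf")"
echo "udp/514: $(explain_udp514 "$demo_dir/syslog.conf" "$demo_dir/sysconfig")"
```

On a real host, pass /etc/syslog.conf and /etc/sysconfig/syslog; a "forward-only" result matches the last post, where the socket appears although the process runs without -r.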