LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-03-2011, 11:21 AM   #1
felix001
Member
 
Registered: Jan 2009
Posts: 101

Rep: Reputation: 15
Centos Syslog Issue


Im currently centos and im trying to stop syslogd from listening on port 514. Ive tried removing the -r option from the /etc/sysconfig/syslog file but it fails to work. Has anyone any ideas ???

Thanks in advance...
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 03-03-2011, 12:00 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
Did you 'kill -HUP' syslogd?
 
Old 03-03-2011, 12:02 PM   #3
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Take a look in /etc/init.d/sysklogd.conf and see if the -r option is being used.
 
Old 03-03-2011, 12:27 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Which CentOS version? I browsed through the syslogd(8) manpages on RHEL 4 and 5. Apart from what you already tried, I don't see an obvious option for doing this. (FreeBSD has some baked-in options for just this sort of thing.)

I'd be curious to see which options your syslogd is currently running with:
Code:
$ ps -ef | grep [s]yslogd
 
Old 03-03-2011, 03:31 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
Quote:
Originally Posted by anomie View Post
Code:
$ ps -ef | grep [s]yslogd
You mean 'pgrep syslog'?


Quote:
Originally Posted by corp769 View Post
/etc/init.d/sysklogd.conf
You mean /etc/sysconfig/syslog? /etc(/rc.d)/init.d/ is for SysV init scripts.
 
Old 03-03-2011, 03:50 PM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn
You mean 'pgrep syslog'?
Nyet! I want to see the options (in the process table listing), not the PID.
 
Old 03-03-2011, 05:55 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
Ah, 'pgrep -l syslog' :-]
 
Old 03-04-2011, 10:58 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
Uh 'pgrep -lf syslog'!
 
2 members found this post helpful.
Old 03-10-2011, 11:57 AM   #9
felix001
Member
 
Registered: Jan 2009
Posts: 101

Original Poster
Rep: Reputation: 15
In the end I found that even when I ran syslogd without any options it still opened a listening socket on 514/udp.
To stop this I commented out the syslog line from the /etc/services file and restarted syslogd.
 
Old 03-10-2011, 12:30 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
Quote:
Originally Posted by felix001 View Post
To stop this I commented out the syslog line from the /etc/services file and restarted syslogd.
As long as I have run Linux I have not ever seen any relation whatsoever between having /etc/service entries and enabling a service like that in syslogd:
Code:
]# getent services syslog
syslog          514/udp
syslog-conn     601/tcp                         # Reliable Syslog Service
syslog-conn     601/udp                         # Reliable Syslog Service
syslog-tcp      1514/tcp                        # TCP-based Rsyslog

]# netstat -anulpe|awk -F'/' '/:/ {print $NF}'|sort -u|xargs
dhclient ntpd pdnsd
so I strongly doubt that was the "solution".
 
Old 03-10-2011, 02:53 PM   #11
felix001
Member
 
Registered: Jan 2009
Posts: 101

Original Poster
Rep: Reputation: 15
As soon as I removed that line and restarted the syslogd reported an error about not being able to assign a socket and started.
From what I have read the /etc/services file is used to determine the port of syslogd though normally I just remove the -r option from /etc/sysconfig/syslog to disable remote logging.

Either way I tested this on another server and it certainly does work :

Code:
[root@server ~]# netstat -an | grep 514
udp   108324      0 0.0.0.0:514                 0.0.0.0:*
[root@server ~]# sed -i 's/^syslog */#syslog/g' /etc/services
[root@server ~]# service syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]
[root@server ~]# netstat -an | grep 514
[root@server ~]#
 
Old 03-10-2011, 04:45 PM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
You haven't posted any 'pgrep -lf syslog' nor any 'cat /etc/*syslog*.conf' output to corroborate what you think you see. I remain one hundred percent unconvinced still.
 
Old 03-10-2011, 07:15 PM   #13
felix001
Member
 
Registered: Jan 2009
Posts: 101

Original Poster
Rep: Reputation: 15
ok, i finally found what was causing the confusion. If you enable the @[host] statement within the /etc/syslog.conf file it enables remote logging.
Code:
[root@Fileserver ~]# cat /etc/*syslog*.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

*.*                                                       /var/log/messages
[root@Fileserver ~]# pgrep -lf syslog
21248 syslogd -x -m 0
[root@Fileserver ~]# netstat -an | grep 514
[root@Fileserver ~]# echo "*.* @10.1.1.203" >> /etc/syslog.conf
[root@Fileserver ~]# /etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]
[root@Fileserver ~]# netstat -an | grep 514
udp        0      0 0.0.0.0:514                 0.0.0.0:*                       
[root@Fileserver ~]# pgrep -lf syslog
21273 syslogd -x -m 0
[root@Fileserver ~]# cat /etc/*syslog*.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

*.*                                                       /var/log/messages
*.* @10.1.1.203
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
CentOS Syslog Server Help j8177e5 Linux - General 4 06-03-2011 06:15 AM
Booting Centos 5.4 Issue: "CentOS CD Not found in any of the media drives. Please i g.navink Red Hat 1 04-07-2010 05:12 PM
syslog-ng confgiuration on centOS prasadtvs2003 Linux - Newbie 4 06-15-2009 04:07 AM
Help With Syslog Issue adimenia Linux - Networking 1 05-30-2008 10:36 AM
SYSLOG port issue daldyr Linux - Networking 2 03-29-2007 01:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration