Just want to ask regarding a syslog server. I've set up a RHEL4 box as a syslog server, and I followed their tutorial on how to accept syslogs from remote hosts, setting SYSLOGD_OPTIONS="-m 0 -r", but for some reason I could not get the syslog service to listen on port 514.
Here is what I did: I set the value -r in /etc/sysconfig/syslog (see info below)
# THIS FILE IS LOCATED ON /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r -x"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
After restarting the service by typing service syslog restart, I issued the command netstat -ntlp, but I couldn't find any port 514 for syslog. Please help me, guys...
OK, sorry for the wrong forum. So is there any step-by-step tutorial on how to install syslog-ng? And where can I download the installer for Red Hat? Many thanks.
Well, plenty of standard documents exist for it, just Google. As for a download, Google for "syslog-ng el4 rpm" and you're bound to get lucky. You probably want the 2.0.3 version that came out a few weeks ago, but I've not seen RPMs for it yet.
I end up using Gentoo guides as they're quite well written and generic, but you can find many, many guides online to suit your needs. balabit.com is the syslog-ng home for the ultimate reference.
OK, thanks acid_kewpie, but right now I've been encountering errors when I make some modifications to syslog-ng.conf. I added these lines:
source local {
unix-stream("/dev/log");
udp();
tcp(ip(0.0.0.0) port(514) max-connections(300));
internal();
};
and when I start syslog-ng using the command service syslog-ng start, I get this error:
[root@localhost syslog-ng]# service syslog-ng start
Starting system logger: io.c: bind_inet_socket() bind failed 0.0.0.0:514 Permission denied
Error initializing configuration, exiting.
[FAILED]
But when I remove the line "tcp(ip(0.0.0.0) port(514) max-connections(300));" everything runs smoothly. What I'm trying to do is make it listen on port 514, so that it can accept syslog messages.
Well, that's for a source called "local", and in it you're looking to receive network connections from other hosts? Not particularly local, is it? ;-) Add a separate log source, e.g. "net", to receive these. You'll most likely want to keep local machine logs separate from logs being sent to you from other sites, as they often relate to different things...
That's not the actual problem though. It's probably that syslogd is already running (you will need to uninstall the rpm package for it - rpm -e sysklogd - and restart the service). Also check the output of "lsof -i UDP:514" to see if anything is currently hooked onto that port (or TCP:514 of course...).
Well, remember firstly that UDP is MUCH more common than TCP for syslog. TCP is getting more common, and it may well be you can live purely with TCP, but it's still officially "odd".
As for the problem then... try "tcp(port(514));" and also try port 5140 to see if an ephemeral port works better, shouldn't do though.
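The separate "net" source suggested in the replies above, written out as a syslog-ng.conf fragment. This is an added example, not configuration posted in the thread: the destination names, the /var/log/remote path and the options block are assumptions, and only the source statements come from the thread.

```conf
# Added example (assumed names and paths), syslog-ng 2.0 style syntax.

options {
    # The hostname inside a remote message is chosen by the sender.
    # Replace it with the address the packet actually came from, so a
    # client cannot write into another host's log directory.
    keep_hostname(no);
    use_dns(no);            # no DNS lookups per message; $HOST is the source IP
    chain_hostnames(no);
    create_dirs(yes);       # let syslog-ng create the per-host directories
};

# Messages generated on this machine only.
source local {
    unix-stream("/dev/log");
    internal();
};

# Messages arriving over the network, kept apart from the local source.
source net {
    udp(ip(0.0.0.0) port(514));                        # classic syslog transport
    tcp(ip(0.0.0.0) port(514) max-connections(300));   # line from the thread
};

destination d_local {
    file("/var/log/messages");
};

# One directory per sending address, one file per day (assumed layout).
destination d_net {
    file("/var/log/remote/$HOST/$YEAR$MONTH$DAY.log");
};

log { source(local); destination(d_local); };
log { source(net);   destination(d_net);   };
```

With both listeners in one source, "lsof -i UDP:514" and "lsof -i TCP:514" should each show syslog-ng once the service starts cleanly.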