[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Sending syslog to another machine

Rick Stevens wrote:

> Also, both the old syslogd and the newer rsyslogd have to have the "-r"
> option specified for them to actually listen to the network (the "-r"
> can also have a port number appended, e.g. "-r 514").  Not sure about
> ng-syslog, but I suspect the same is true.
> On Red Hattish machines, options are passed to the syslog daemon by
> values stuffed into the "SYSLOGD_OPTIONS" line of either the
> "/etc/sysconfig/syslog" or "/etc/sysconfig/rsyslog" file (depending on
> which syslog daemon you're running.  By default, you'll find
> SYSLOGD_OPTIONS="-c 3" (/etc/sysconfig/rsyslog)
> SYSLOGD_OPTIONS="-m 0" (/etc/sysconfig/syslog)
> Prepend that with "-r" (e.g. SYSLOGD_OPTIONS="-r -c 3") and then do a
> "service syslog restart".  It should start listening to the network.

Thanks very much.
It seems very complicated.

I wonder if I have taken the right steps?

1) I've uncommented and edited the line
	*.* @@
in /etc/rsyslog.conf on the client laptop ("mary").

2) I see that the remote machine ("helen"),
which is running under Centos-5.2,
is actually running syslog rather than rsyslog,
and already has

3) I've run
	sudo service rsyslog restart
on mary, and .
	sudo service syslog restart
on helen for good measure.

4) I'm running shorewall on helen, so I've added
	Syslog/ACCEPT   loc             $FW
to /etc/shorewall/rules on helen.

The net effect of all this seems to be that kernel messages
are no longer being sent to /var/log/messages on mary,
but they are not appearing on helen.

I notice that
	sudo telnet helen 514
fails. Does telnet only test tcp and not udp?

I tried
	sudo nmap -sU -F
but this never seems to return.

[Incidentally, I tried adding -r to /etc/sysconfig/rsyslog on mary,
but she didn't like it, and said the -r option was ignored.]

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]