Re: 514/udp won't listen for remote syslog
Normally with RedHat you set the options for syslog in
/etc/sysconfig/syslog. However, if you added the -r to the
/etc/init.d/syslog it will still work.
UDP doesn't show LISTENING in the state column of netstat. If you issue
netstat -uln you will get a list of just listening UDP ports. You
should see 514 listed as:
udp 0 0 0.0.0.0:514 0.0.0.0:*
That is how the RH7.1 machine that I have here doing network syslogging
shows, and everything is working fine.
--
On Fri, 2003-01-10 at 08:55, Dan Fleischer wrote:
> I'm setting up a syslog server on our LAN for diagnostic reasons. The
> machine I've setup is running RH7.1, stock kernel 2.4.2-2 (the problems
> I'm listing below were repeated on a different box running RH7.3)
> syslogd is running with the '-r' option in '/etc/init.d/syslog' so that
> it can listen to another machine on the LAN.
>
> Restarting the syslog service generates the following messages:
> Shutting down kernel logger: [ OK ]
> Shutting down system logger: [ OK ]
> Starting system logger: [ OK ]
> Starting kernel logger: [ OK ]
>
> Then I run 'netstat -an' and get:
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address      Foreign Address      State
> tcp        0      0 0.0.0.0:1024       0.0.0.0:*            LISTEN
> tcp        0      0 0.0.0.0:515        0.0.0.0:*            LISTEN
> tcp        0      0 0.0.0.0:111        0.0.0.0:*            LISTEN
> tcp        0      0 0.0.0.0:22         0.0.0.0:*            LISTEN
> tcp        0      0 192.168.1.114:22   192.168.1.83:37072   ESTABLISHED
> udp        0      0 0.0.0.0:1024       0.0.0.0:*
> udp        0      0 0.0.0.0:514        0.0.0.0:*
> udp        0      0 0.0.0.0:602        0.0.0.0:*
> udp        0      0 0.0.0.0:111        0.0.0.0:*
>
> which shows that 514/udp is not listening. Nmap confirms this.
>
> Here's the default /etc/syslog.conf file:
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none /var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
>
> # Log all the mail messages in one place.
> mail.* /var/log/maillog
>
>
> # Log cron stuff
> cron.* /var/log/cron
>
> # Everybody gets emergency messages, plus log them on another
> # machine.
> *.emerg *
>
> # Save mail and news errors of level err and higher in a
> # special file.
> uucp,news.crit /var/log/spooler
>
> # Save boot messages also to boot.log
> local7.*
>
> What am I missing? How can I get 514/udp to listen?
>
> --
> Dan Fleischer
> Systems Administrator
> Bank & Trust Co.
> 401 N. Madison St.
> Litchfield, IL 62056
>
> Ph. 217-324-3935
> http://www.bank-and-trust.com
>
>
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
--
Todd Davis (tdavis@msfw.com)
Red Hat Certified Engineer (RHCE #807101281603181)
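
Added example (not part of the original thread, and not code from either poster): a small parser for `netstat -an` output that applies the rule from the reply above, where TCP needs the LISTEN state but a bound UDP socket with a wildcard peer is already receiving. The sample text is constructed from the output quoted in the thread, and all function names are made up for this illustration.

```python
from typing import NamedTuple

# Constructed sample, modelled on the `netstat -an` output quoted in the thread.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.114:22        192.168.1.83:37072      ESTABLISHED
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
"""

class Sock(NamedTuple):
    proto: str
    addr: str
    port: int
    peer: str
    state: str  # empty for an unconnected UDP socket

def parse_netstat(text):
    """Parse tcp/udp rows; banner and header lines are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue
        addr, _, port = f[3].rpartition(":")
        if port.isdigit():
            socks.append(Sock(f[0], addr, int(port), f[4], f[5] if len(f) > 5 else ""))
    return socks

def accepting(sock):
    """TCP needs state LISTEN; UDP has no such state, so a bound socket
    with a wildcard peer (ends in ':*') is already receiving datagrams."""
    if sock.proto.startswith("tcp"):
        return sock.state == "LISTEN"
    return sock.peer.endswith(":*")

def bound_addresses(text, proto, port):
    """Local addresses on which proto/port is accepting traffic."""
    return [s.addr for s in parse_netstat(text)
            if s.proto.startswith(proto) and s.port == port and accepting(s)]

def grep_listen_ports(text):
    """Ports found by looking only for LISTEN, which never matches UDP rows."""
    return {s.port for s in parse_netstat(text) if s.state == "LISTEN"}

if __name__ == "__main__":
    print("514/udp bound on:", bound_addresses(SAMPLE, "udp", 514))
    print("ports marked LISTEN:", sorted(grep_listen_ports(SAMPLE)))
```

A result of 0.0.0.0 means syslogd accepts datagrams on every interface, so which senders can reach 514/udp has to be limited by the host or network firewall.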