Re: 514/udp won't listen for remote syslog
You're right, I do have log entries even without 514/udp showing that it
is listening.
Why doesn't it show that it's listening?
On Fri, 2003-01-10 at 09:19, Todd J. Davis wrote:
> Normally with RedHat you set the options for syslog in
> /etc/sysconfig/syslog. However, if you added the -r to the
> /etc/init.d/syslog it will still work.
>
> UDP doesn't show LISTENING in the state column of netstat. If you issue
> netstat -uln you will get a list of just listening UDP ports. You
> should see 514 listed as:
> udp 0 0 0.0.0.0:514 0.0.0.0:*
>
> That is how the RH7.1 machine that I have here doing network syslogging
> shows, and everything is working fine.
> --
>
> On Fri, 2003-01-10 at 08:55, Dan Fleischer wrote:
> > I'm setting up a syslog server on our LAN for diagnostic reasons. The
> > machine I've set up is running RH7.1, stock kernel 2.4.2-2 (the problems
> > I'm listing below were repeated on a different box running RH7.3)
> > syslogd is running with the '-r' option in '/etc/init.d/syslog' so that
> > it can listen to another machine on the LAN.
> >
> > Restarting the syslog service generates the following messages:
> > Shutting down kernel logger: [ OK ]
> > Shutting down system logger: [ OK ]
> > Starting system logger: [ OK ]
> > Starting kernel logger: [ OK ]
> >
> > Then I run 'netstat -an' and get:
> > Active Internet connections (servers and established)
> > Proto Recv-Q Send-Q Local Address           Foreign Address         State
> > tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
> > tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
> > tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
> > tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> > tcp        0      0 192.168.1.114:22        192.168.1.83:37072      ESTABLISHED
> > udp        0      0 0.0.0.0:1024            0.0.0.0:*
> > udp        0      0 0.0.0.0:514             0.0.0.0:*
> > udp        0      0 0.0.0.0:602             0.0.0.0:*
> > udp        0      0 0.0.0.0:111             0.0.0.0:*
> >
> > which shows that 514/udp is not listening. Nmap confirms this.
> >
> > Here's the default /etc/syslog.conf file:
> >
> > # Log all kernel messages to the console.
> > # Logging much else clutters up the screen.
> > #kern.* /dev/console
> >
> > # Log anything (except mail) of level info or higher.
> > # Don't log private authentication messages!
> > *.info;mail.none;authpriv.none;cron.none /var/log/messages
> >
> > # The authpriv file has restricted access.
> > authpriv.* /var/log/secure
> >
> > # Log all the mail messages in one place.
> > mail.* /var/log/maillog
> >
> >
> > # Log cron stuff
> > cron.* /var/log/cron
> >
> > # Everybody gets emergency messages, plus log them on another
> > # machine.
> > *.emerg *
> >
> > # Save mail and news errors of level err and higher in a
> > # special file.
> > uucp,news.crit /var/log/spooler
> >
> > # Save boot messages also to boot.log
> > local7.*
> >
> > What am I missing? How can I get 514/udp to listen?
> >
> > --
> > Dan Fleischer
> > Systems Administrator
> > Bank & Trust Co.
> > 401 N. Madison St.
> > Litchfield, IL 62056
> >
> > Ph. 217-324-3935
> > http://www.bank-and-trust.com
> >
> >
> > -
> > To unsubscribe, send email to majordomo@luci.org with
> > "unsubscribe luci-discuss" in the body.
> --
> Todd Davis (tdavis@msfw.com)
> Red Hat Certified Engineer (RHCE #807101281603181)
>
>
>
--
Dan Fleischer
Systems Administrator
Bank & Trust Co.
401 N. Madison St.
Litchfield, IL 62056
Ph. 217-324-3935
http://www.bank-and-trust.com
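
An added example, not part of the original thread: the netstat rows above come from the kernel's UDP socket table (`/proc/net/udp` on Linux), where a bound, unconnected socket has state `07`, which netstat prints as an empty State column. The sketch below parses a constructed sample of that table whose ports mirror the udp rows in the thread, and also flags wildcard (0.0.0.0) binds; the function names are illustrative and a little-endian (x86) host is assumed.

```python
import socket
import struct

# Constructed sample in /proc/net/udp layout (not captured from the poster's machine).
# Ports mirror the udp rows quoted in the thread: 1024, 514, 602, 111.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0400 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:025A 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1004
"""

# UDP has no listen state. The kernel reports an unconnected, bound socket
# as 07 and a connect()ed one as 01; netstat prints nothing for 07.
UDP_STATES = {"01": "ESTABLISHED", "07": ""}


def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into (dotted_ip, port). Assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def bound_udp_sockets(text):
    """Parse /proc/net/udp content into a list of dicts, one per bound socket."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        parts = line.split()
        if len(parts) < 4:
            continue
        ip, port = decode_endpoint(parts[1])
        rows.append({"ip": ip, "port": port,
                     "state": UDP_STATES.get(parts[3], "UNKNOWN"),
                     "wildcard": ip == "0.0.0.0"})
    return rows


def is_receiving(text, port):
    """True if some UDP socket is bound to `port`, whatever the State column says."""
    return any(r["port"] == port for r in bound_udp_sockets(text))


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/udp").read() instead of the sample.
    for r in bound_udp_sockets(SAMPLE_PROC_NET_UDP):
        print(f"udp {r['ip']}:{r['port']:<5} state={r['state']!r} wildcard={r['wildcard']}")
```

A `wildcard` value of True on port 514 means the socket accepts datagrams on every interface, so which hosts can reach it is decided by packet filtering rather than by the bind address.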