Hi Julio, Here are somethings to check. 1) Make sure the file /etc/sysconfig/syslog exists and is readable by whatever user syslogd will run as. If this does not exist than syslogd will run with only the options "-m 0". This is of course only needed on the syslog server. 2) Make sure the below entry exists in /etc/services syslog 514/udp 3) Make sure that /etc/syslog.conf on both the client and the syslog server agree on facility.level and there is an action on both thow will be differant, ie client logs to loghost and loghost logs to a file. Below are examples: user.crit ifdef(`LOGHOST', /var/log/syslog, @loghost) This is an example from the client where loghost should at lest for testing exist in /etc/hosts, latter on you can move this to DNS, NIS, or NIS+ if you like. user.crit /var/log/warn This is an example from the server. If you have to make any changes to these config files do a KILL -HUP on syslogd. After doing all this you can verify by doing a tail /var/log/warn and or tcpdump udp and host CLIENTNAME Your output will be something like... 18:37:46.708324 client.xxxx.gov.39646 > syslog-server.xxxx.gov.syslog: udp 54 (DF) Have fun, Shawn --On Thursday, December 18, 2003 05:38:58 PM -0300 Julio Jaime <jjaime@ticket-accor.com.ar> wrote: > Hi Allan, > > I have running my syslog over Red Hat 9 and 7.3. The command line is > : > > syslogd -r -m 0 > > In the init.d file the start line is : > >########################################################### ># Source config > if [ -f /etc/sysconfig/syslog ] ; then > . /etc/sysconfig/syslog > else > SYSLOGD_OPTIONS="-m 0" > KLOGD_OPTIONS="-2" > fi > > RETVAL=0 > > umask 077 > > start() { > echo -n $"Starting system logger: " > daemon syslogd $SYSLOGD_OPTIONS > RETVAL=$? > echo > echo -n $"Starting kernel logger: " > daemon klogd $KLOGD_OPTIONS > echo > [ $RETVAL -eq 0 ] && touch /var/lock/subsys/syslog > return $RETVAL > } > >################################################################### > > > Bests Regards. > > ======================================= > Julio Jaime > Americas Zone Security Admin. > Accor Services - Servicios Ticket S.A. > Av. Díaz Vélez 4367 > (C1200 AAK) Bs. As. - Argentina > Tel.: (54-11) 4909-1375 > Fax.: (54-11) 4909-1394 > jjaime@private > ======================================= > ------------------------------------------------------------------------- > --- ------------------------------- > Este mensaje electrónico y todos los archivos adjuntos que contiene son > confidenciales y se encuentran destinados, exclusivamente, a la persona a > quien han sido dirigidos. Si ha recibido este mensaje por error, > agradecemos la inmediata devolución a su emisor. La publicación, el uso, > la > distribución, la impresión o la copia no autorizada de este mensaje y del > contenido de los archivos adjuntos se encuentran estrictamente prohibidos. > This e-mail and any files transmitted with it are confidential and > intended solely for the use of the individual to whom it is addressed. If > you have received this email in error please send it back to the person > that sent it to you. Unauthorized publication, use, dissemination, > forwarding, printing or copying of this email and its associated > attachments is strictly prohibited. > Ce message électronique et tous les fichiers attachés qu'il contient sont > confidentiels et destinés exclusivement à l'usage de la personne à > laquelle ils sont adressés. Si vous avez reçu ce message par erreur, > merci de le retourner à son émetteur. La publication, l'usage, la > distribution, l'impression ou la copie non autorisée de ce message et des > attachements qu'il contient sont strictement interdits. > ------------------------------------------------------------------------- > --- -------------------------------- > > > > -----Mensaje original----- > De: Allan Liska [mailto:allan@private] > Enviado el: Jueves, 18 de Diciembre de 2003 04:49 p.m. > Para: loganalysis@private > Asunto: [logs] RedHat, Syslog and Remote Logging > > > Good Afternoon, > > I am trying to sert up remote logging on a Redhat box. Normally, all it > would take is adding the -r to syslog, but that does not seem to work. > More specifically, if I start syslog from the command line with a -r it > works fine, but if I edit the syslog start up file so that syslog starts > with the -r the server does not accept any remote connections. > > Does anyone have any experience with this, and can anyone offer me any > suggestions? > > > Thanks! > > > allan _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Dec 18 2003 - 15:48:46 PST