RE: [logs] SYSLOG "forwarding"

From: Jeff Saxton (jeff.saxton@private)
Date: Fri Jan 28 2005 - 16:37:41 PST


I think a tcp dump showed that no traffic was leaving the initial syslog
server. 


Jeff Saxton
Sr. Support Engineer
SenSage, Inc. ( Formerly Addamark Technologies, Inc. )
http://www.sensage.com
mailto:support@private
OFFICE: +1 415-281-1900x128
CELL: +1 415-640-6392

-----Original Message-----
From: loganalysis-bounces+jeff.saxton=addamark.com@private
[mailto:loganalysis-bounces+jeff.saxton=addamark.com@private] On
Behalf Of Jay D. Dyson
Sent: Friday, January 28, 2005 12:37 PM
To: Log Analysis
Subject: Re: [logs] SYSLOG "forwarding"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 28 Jan 2005, R. Benjamin Kessler wrote:

> I have a server with stock (linux) syslog running on it that collects 
> logs from network devices.  In addition to storing them locally, I'd 
> also like to forward or "relay" these messages to another destination 
> and I'm having some problems.
>
> I've added the following line to the syslog.conf file:
>
> local7.*	@10.192.4.28
>
> And bounced the process but that doesn't seem to have had any impact.
>
> Any clues as to what I'm doing wrong here?

 	The line from your syslog.conf seems logical, so we need to explore
other possible complications.

 	Is the syslogd service at 10.192.4.28 listening on 514/UDP? 
Also, what -- if any -- services are typically sending log output at the
local7 level?  Moreover, is the system you're trying this on also sitting on
an RFC1918 non-routable address LAN using 10/8?

 	Once we have answers on those questions, we can proceed in narrowing
down where the major malfunction is.

- -Jay

    (    (                                                        _______
    ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
  C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@private -----<) |    = |-'
   `--' `--'  `--------------- Nil sine Domini. ---------------'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFB+qKBBYoRACwSF0cRAnG2AJ4mH+tRfVwelFqbj1Q422D0T6GieACfR9h7
RqRBWTyy9Z6m+Em6HOw6R7M=
=J7cK
-----END PGP SIGNATURE-----
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Fri Jan 28 2005 - 16:50:25 PST