RE: [logs] SYSLOG "forwarding"

From: Rainer Gerhards (rgerhards@private)
Date: Mon Jan 31 2005 - 03:45:01 PST


Which exakt version of syslogd is it? Stock sysklogd 1.4.1 does NOT
forward to a remote host if it was received from a remote host! (a patch
is easy, but I am currently not able to go to the office). 

Rainer

> -----Original Message-----
> From: 
> loganalysis-bounces+rgerhards=hq.adiscon.com@private 
> [mailto:loganalysis-bounces+rgerhards=hq.adiscon.com@private
> oo.com] On Behalf Of Jay D. Dyson
> Sent: Friday, January 28, 2005 9:37 PM
> To: Log Analysis
> Subject: Re: [logs] SYSLOG "forwarding"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Fri, 28 Jan 2005, R. Benjamin Kessler wrote:
> 
> > I have a server with stock (linux) syslog running on it 
> that collects 
> > logs from network devices.  In addition to storing them 
> locally, I'd 
> > also like to forward or "relay" these messages to another 
> destination 
> > and I'm having some problems.
> >
> > I've added the following line to the syslog.conf file:
> >
> > local7.*	@10.192.4.28
> >
> > And bounced the process but that doesn't seem to have had 
> any impact.
> >
> > Any clues as to what I'm doing wrong here?
> 
>  	The line from your syslog.conf seems logical, so we need to 
> explore other possible complications.
> 
>  	Is the syslogd service at 10.192.4.28 listening on 514/UDP? 
> Also, what -- if any -- services are typically sending log 
> output at the 
> local7 level?  Moreover, is the system you're trying this on 
> also sitting 
> on an RFC1918 non-routable address LAN using 10/8?
> 
>  	Once we have answers on those questions, we can proceed in 
> narrowing down where the major malfunction is.
> 
> - -Jay
> 
>     (    (                                                    
>     _______
>     ))   ))   .-"There's always time for a good cup of 
> coffee"-.   >====<--.
>   C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@private 
> -----<) |    = |-'
>    `--' `--'  `--------------- Nil sine Domini. 
> ---------------'  `------'
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (TreacherOS)
> Comment: See http://www.treachery.net/~jdyson/ for current keys.
> 
> iD8DBQFB+qKBBYoRACwSF0cRAnG2AJ4mH+tRfVwelFqbj1Q422D0T6GieACfR9h7
> RqRBWTyy9Z6m+Em6HOw6R7M=
> =J7cK
> -----END PGP SIGNATURE-----
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
> 
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Mon Jan 31 2005 - 11:53:27 PST