man syslogd:

> -r This option will enable the facility to receive message from the
> network using an internet domain socket with the syslog service
> (see services(5)). The default is to not receive any messages
> from the network.

On Thu, 2005-03-24 at 08:59, Sujit wrote:
> Hi,
>
> We are implementing remote logging using syslog. We have two linux
> boxes (RH9) with 2.4 kernel for each. One of the two is made server
> and the other a client. We are using netfilter logs in addition to the
> usual logs. The iptables rules are inserted to accept the outgoing
> packets from the client and also to accept the incoming packets at the
> server. We have modified the syslog.conf files at both the client as
> well as the server side to effect the logging. Both the files are as
> shown below.
>
> The problem is that although the packets from the client to the server
> at port 514 for syslog are logged at the server, the actual log
> messages from the client are not getting logged at the server.
>
> Could anyone please help and advise what may be the possible causes
> and remedies?
>
> Thanks in advance,
> Sujit.
>
> #client syslog.conf
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /var/log/kern.txt
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
>
> *.info;mail.none;authpriv.none;cron.none /var/log/messages
> *.info;mail.none;authpriv.none;cron.none @192.168.7.142
> #This is the server ip address
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
>
> # Log all the mail messages in one place.
> mail.* /var/log/maillog
>
> # Log cron stuff
> cron.* /var/log/cron
>
> # Everybody gets emergency messages
> *.emerg *
>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit /var/log/spooler
>
> # Save boot messages also to boot.log
> local7.* /var/log/boot.log
>
> #server syslog.conf
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
>
> *.info;mail.none;authpriv.none;cron.none /var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
> # Log all the mail messages in one place.
> mail.* /var/log/maillog
> # Log cron stuff
> cron.* /var/log/cron
> # Everybody gets emergency messages
> *.emerg *
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit /var/log/spooler
> # Save boot messages also to boot.log
> local7.* /var/log/boot.log
>
> // packets logged from port 514
>
> Mar 24 12:54:26 linuxws142 kernel: IN=eth0 OUT=
> MAC=00:10:dc:f0:b5:55:00:10:dc:f0:b4:cc:08:00 SRC=192.168.7.141
> DST=192.168.7.142 LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
> SPT=514 DPT=514 LEN=36
>
> Mar 24 12:54:26 linuxws142 kernel: IN=eth0 OUT=
> MAC=00:10:dc:f0:b5:55:00:10:dc:f0:b4:cc:08:00 SRC=192.168.7.141
> DST=192.168.7.142 LEN=85 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
> SPT=514 DPT=514 LEN=65
>
> Mar 24 12:55:33 linuxws142 kernel: IN=eth0 OUT=
> MAC=00:10:dc:f0:b5:55:00:10:dc:f0:b4:cc:08:00 SRC=192.168.7.141
> DST=192.168.7.142 LEN=100 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
> SPT=514 DPT=514 LEN=80
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
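
An added example, not part of the original messages: a check for the receiving host that separates "netfilter saw the datagram" from "a daemon holds a UDP socket on port 514", which is the distinction the quoted `-r` text turns on. It parses the Linux `/proc/net/udp` table; the sample rows and all function names are constructed for illustration.

```python
import os

SYSLOG_PORT = 514  # DPT=514 in the netfilter lines quoted above

# Constructed samples in /proc/net/udp layout (not from the poster's hosts).
HEADER = ("  sl  local_address rem_address   st tx_queue rx_queue "
          "tr tm->when retrnsmt   uid  timeout inode\n")
ROW = ("  {n}: {addr}:{port:04X} 00000000:0000 07 00000000:00000000 "
       "00:00000000 00000000     0        0 {inode}\n")
SAMPLE_NO_LISTENER = HEADER + ROW.format(n=5, addr="00000000", port=111, inode=1201)
SAMPLE_WITH_LISTENER = SAMPLE_NO_LISTENER + ROW.format(
    n=12, addr="00000000", port=514, inode=1544)


def bound_udp_sockets(proc_net_udp_text):
    """Return a list of (local_addr_hex, port) for each socket in the table."""
    sockets = []
    for line in proc_net_udp_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue  # tolerate blank or truncated rows
        addr_hex, port_hex = fields[1].rsplit(":", 1)
        sockets.append((addr_hex, int(port_hex, 16)))  # port is hex: 0202 == 514
    return sockets


def syslog_socket_bound(proc_net_udp_text, port=SYSLOG_PORT):
    """True if some process holds a UDP socket on `port`."""
    return any(p == port for _, p in bound_udp_sockets(proc_net_udp_text))


def diagnose(proc_net_udp_text, port=SYSLOG_PORT):
    """Turn the socket table into a one-line finding for the operator."""
    if syslog_socket_bound(proc_net_udp_text, port):
        return "UDP %d is bound: a daemon can receive remote messages" % port
    return ("UDP %d is not bound: datagrams reach the host (netfilter logs "
            "them) but no daemon reads them; check that syslogd runs with -r" % port)


if __name__ == "__main__":
    path = "/proc/net/udp"
    if os.path.exists(path):
        with open(path) as fh:
            print(diagnose(fh.read()))
    else:  # not on Linux: fall back to the constructed sample
        print(diagnose(SAMPLE_NO_LISTENER))
```
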
This archive was generated by hypermail 2.1.3 : Thu Mar 24 2005 - 09:27:44 PST