Sending syslog to another machine
tim at maths.tcd.ie
Fri Dec 5 13:51:00 UTC 2008
Rick Stevens wrote:
> Also, both the old syslogd and the newer rsyslogd have to have the "-r"
> option specified for them to actually listen to the network (the "-r"
> can also have a port number appended, e.g. "-r 514"). Not sure about
> ng-syslog, but I suspect the same is true.
> On Red Hattish machines, options are passed to the syslog daemon by
> values stuffed into the "SYSLOGD_OPTIONS" line of either the
> "/etc/sysconfig/syslog" or "/etc/sysconfig/rsyslog" file (depending on
> which syslog daemon you're running). By default, you'll find
> SYSLOGD_OPTIONS="-c 3" (/etc/sysconfig/rsyslog)
> SYSLOGD_OPTIONS="-m 0" (/etc/sysconfig/syslog)
> Prepend that with "-r" (e.g. SYSLOGD_OPTIONS="-r -c 3") and then do a
> "service syslog restart". It should start listening to the network.
Thanks very much.
It seems very complicated.
I wonder if I have taken the right steps?

1) I've uncommented and edited the line
in /etc/rsyslog.conf on the client laptop ("mary").

2) I see that the remote machine 192.168.2.2 ("helen"),
which is running under Centos-5.2,
is actually running syslog rather than rsyslog,
and already has
    SYSLOGD_OPTIONS="-m 0 -r"

3) I've run
    sudo service rsyslog restart
on mary, and
    sudo service syslog restart
on helen for good measure.

4) I'm running shorewall on helen, so I've added
    Syslog/ACCEPT loc $FW
to /etc/shorewall/rules on helen.

The net effect of all this seems to be that kernel messages
are no longer being sent to /var/log/messages on mary,
but they are not appearing on helen.

I notice that
    sudo telnet helen 514
fails. Does telnet only test tcp and not udp?
    sudo nmap -sU -F 192.168.2.2
but this never seems to return.

[Incidentally, I tried adding -r to /etc/sysconfig/rsyslog on mary,
but she didn't like it, and said the -r option was ignored.]
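
Added example, not part of the original post or of any syslog project: telnet makes a TCP connection, so it cannot show whether a UDP syslog listener is reachable. This Python sketch builds a minimal BSD-syslog datagram and checks both transports against a constructed loopback receiver; the function names and the sample message are assumptions made for illustration.

```python
import socket

# Facility/severity codes of the BSD syslog format (RFC 3164).
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_message(facility, severity, tag, text):
    """Return a minimal syslog datagram: <PRI>tag: text (no timestamp header)."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    return f"<{pri}>{tag}: {text}".encode("ascii", "replace")


def send_udp(host, port, payload):
    """Send one datagram. Returning normally only means it left this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, port))


def tcp_connects(host, port, timeout=1.0):
    """What 'telnet host port' tests: a TCP handshake, never UDP."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def loopback_demo():
    """Constructed stand-in receiver on 127.0.0.1; not a real syslogd."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))            # ephemeral UDP port, no root needed
    rx.settimeout(2.0)
    port = rx.getsockname()[1]
    try:
        tcp_ok = tcp_connects("127.0.0.1", port)   # UDP-only port: refused
        msg = build_message("user", "notice", "test", "hello from mary")
        send_udp("127.0.0.1", port, msg)
        data, _ = rx.recvfrom(2048)
    finally:
        rx.close()
    return tcp_ok, data


if __name__ == "__main__":
    tcp_ok, data = loopback_demo()
    print("TCP connect succeeded:", tcp_ok)
    print("UDP datagram received:", data)
```

To exercise the real path, call send_udp("192.168.2.2", 514, build_message("user", "notice", "test", "hello from mary")) on mary and watch the log on helen. UDP carries no acknowledgement, so only the receiving side can confirm delivery.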