RE: Syslog Server on Debian Etch



Syslog was working fine on the clients, I had it installed to a different
Linux server and was trying to move it over. The issue was the location
of the sysklogd file. The walkthrough I found told me to modify the
/etc/init.d/sysklogd file, when it should have been the
/etc/default/syslogd file.

The syslog service is now running, listening on the correct port, and
receiving messages from the Juniper firewall, but it's going to the
/var/log/syslog file instead of the file I've indicated for the
filename, /mnt/hdb1/syslog/logfilename.log

Is anyone else monitoring Juniper Netscreen firewalls? Is there
something other than local7.debug I should be using to send it to the
logfile I want?

Thanks.

-----Original Message-----
From: Douglas A. Tutty [mailto:dtutty@xxxxxxxxxxxxx]
Sent: Tuesday, November 06, 2007 8:17 AM
To: debian-user@xxxxxxxxxxxxxxxx
Subject: Re: Syslog Server on Debian Etch

On Tue, Nov 06, 2007 at 08:05:39AM -0700, Joel Roberts wrote:
I'm trying to configure a syslog server on Debian Etch, but so far the
only walkthrough I've found is for Debian Sarge. The walkthrough says to
modify the /etc/init.d/sysklogd file at the line that says: SYSLOGD=""
and change it to SYSLOGD="-r -m0"

There is no such line in the sysklogd file. I added it, but it doesn't
seem to be logging. Have stopped and restarted the service, rebooted the
server and still my log file is at 0 bytes.

In the /etc/syslog.conf, I added the line:

Local7.debug /mnt/hdb1/syslog/logfilename.log

And it did automatically create the file, but nothing's going into it
from either the Netscreen firewall or the test Windows server. And I
don't see anything listening on port 514 with a netstat.

Anyone know a way to jumpstart it to get it running? Thanks in
advance.



On the sending machine, you put something like:

*.* @logger.my.domain

On the receiving hosts, syslogd needs the -r parameter.

This is placed in /etc/default/syslogd

You'll also have to open the appropriate port in any firewall (both on
the receiving and sending boxes).

Then I'd reboot all systems; the logger server first, followed by the
logger clients.

Doug.


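An added diagnostic sketch, not part of the original thread: it decodes the <PRI> value at the start of a received syslog datagram into facility and severity, and checks the result against a plain facility.priority selector such as the local7.debug line quoted above. The sample datagrams and the host name fw01 are constructed, and case-insensitive keyword matching is an assumption of the sketch.

```python
import re

# Facility keywords by numeric code (RFC 3164); codes 12-15 get placeholder names.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + ["code%d" % n for n in range(12, 16)]
              + ["local%d" % n for n in range(8)])
# Severity keywords by numeric code: 0 is most urgent, 7 is least.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity) for a raw syslog datagram, or None if invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 23 * 8 + 7:          # highest valid value: local7.debug = 191
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Plain 'facility.priority' form only: match the facility (or '*') and any
    severity at least as urgent as the named priority."""
    sel_fac, sel_pri = selector.lower().split(".", 1)   # assumption: case-insensitive
    if sel_fac not in ("*", facility):
        return False
    if sel_pri == "*":
        return True
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_pri)

def report(datagram, selector):
    """Describe which facility.severity a datagram carries and whether it matches."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "no valid <PRI> header"
    hit = selector_matches(selector, *decoded)
    return "%s.%s %s %s" % (decoded + ("matches" if hit else "does not match", selector))

if __name__ == "__main__":
    # Constructed sample datagrams, not captured from a real device.
    samples = [b"<134>Nov  6 08:17:00 fw01 constructed sample message",
               b"<190>Nov  6 08:17:01 fw01 constructed sample message",
               b"Nov  6 08:17:02 fw01 message without a PRI header"]
    for s in samples:
        print(report(s, "Local7.debug"))
```

Capturing one datagram from the firewall (for example with tcpdump on UDP port 514) and passing it to decode_pri shows which facility the selector has to name.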


