RE: Syslog Server on Debian Etch



Syslog was working fine on the clients, I had it installed to a diff
linux server and was trying to move it over. The issue was the location
of the sysklogd file. The walkthough I found told me to modify the
/etc/init.d/sysklogd file, when it should have been the
/etc/default/syslogd file.

The syslog service is now running, listening on the correct port, and
receiving messages from the Juniper firewall, but it's going to the
/var/log/syslog file instead of the file I've indicated for the
filename, /mnt/hdb1/syslog/logfilename.log

Is anyone else monitoring Juniper Netscreen firewalls? Is there
something other than local7.debug I should be using to send it to the
logfile I want?

Thanks.

-----Original Message-----
From: Douglas A. Tutty [mailto:dtutty@xxxxxxxxxxxxx]
Sent: Tuesday, November 06, 2007 8:17 AM
To: debian-user@xxxxxxxxxxxxxxxx
Subject: Re: Syslog Server on Debian Etch

On Tue, Nov 06, 2007 at 08:05:39AM -0700, Joel Roberts wrote:
I'm trying to configure a syslog server on Debian Etch, but so far the
only walkthrough I've found is for Debian Sarge. The walkthrough says
to
modify the /etc/init.d/sysklogd file at the line that says: SYSLOGD=""
and change it to SYSLOGD="-r -m0"

There is no such line in the sysklogd file. I added it, but it doesn't
seem to be logging. Have stopped and restarted the service, rebooted
the
server and still my log file is at 0 bytes.

In the /etc/syslog.conf, I added the line:

Local7.debug /mnt/hdb1/syslog/logfilename.log

And it did automatically create the file, but nothing's going into it
from either the Netscreen firewall or the test Windows server. And I
don't see anything listening on port 514 with a netstat.

Anyone know a way to jumpstart it to get it running? Thanks in
advance.



On the sending machine, you put something like:

*.* @logger.my.domain

On the receiving hosts, syslogd needs the -r parameter.

This is placed in /etc/default/syslogd

You'll also have to open the appropriate port in any firewall (both on
the reciving and sending boxes).

Then I'd reboot all systems; the logger server first, followed by the
logger clients.

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact
listmaster@xxxxxxxxxxxxxxxx