Re: Probably silly Q
On Wed, 2006-03-08 at 09:34 -0500, Gene Heskett wrote:
On Wednesday 08 March 2006 08:28, Craig White wrote:
On Wed, 2006-03-08 at 01:43 -0500, Gene Heskett wrote:
On Wednesday 08 March 2006 01:03, Craig White wrote:
On Wed, 2006-03-08 at 00:50 -0500, Gene Heskett wrote:
Greetings all;

My router has the ability to send access logs to an ip address,
which is assignable.

My thoughts are to setup a virtual eth0:1 at an unused local
address in the 192.168.1 block, and simply copy everything that
comes into that port off to a logfile, plugging that logfile into
logrotate's schedule and thereby keeping a log for forensic
purposes.

I've tried the usual culprits, like cat </dev/eth0:1, or dd
if=/dev/eth0:1 but neither of those seems to work, lack of a
device, and sure enough when I look in /devs on that old RH7.3
box, there are no eth* entries.

I'm probably in one of those situations where I can't see the
tree for all this forest in the way, so could someone toss me a
clue please?

----
don't bother with all that nonsense...your syslog has the ability
to accept, log, rotate, etc. from network devices...

man syslogd /support for remote logging

unless you feel like doing unnecessary gymnastics

Craig

Ok, I've inserted that line in services that's needed for that to
work, syslog 514/udp

And added the -r option to OPTIONS in the syslog file in
/etc/sysconfig, SIGHUPed syslogd, and turned the router's forwarding
of the access log to the main 192.168.x.x address of that machine.
But nothing is appearing in either all.log or any other log with a
recent timestamp.

Did I miss something? Or is the linksys BEFSR41 router logging to
some other unk (udp/tcp) port besides 514?

----
Let's keep this on list OK?

Firewall on Linux system blocking port 514 protocol UDP?

Logging will go into /var/log/messages unless you redirect it via
syslog.conf # man syslog.conf

Is there actually traffic? You can use something like ethereal to
trace activity between router & Linux system

I couldn't make sense out of the ethereal output, but I am seeing quite
a bit of this when I run:

tcpdump -i eth0 -p udp

and scattered amongst the dns queries are a few of these:
========
09:27:09.106059 router.coyote.den.16139 > 192.168.1.100.snmptrap:
Trap(35) E:3093.2.2.1 192.168.1.1
enterpriseSpecific[specific-trap(1)!=0] 25922015 [|snmp]
========
but this router doesn't do the mrtg thing that I'm aware of. It's a
linksys BEFSR41, latest firmware.

But, is this the data I want? In case yes, how do I go about logging it
to a unique logfile? I don't see it being rejected or dropped in
iptables.


The RH 7.3 system may have a very different version of syslogd and
behave differently
----
I don't understand the '-p' in tcpdump, but it would seem that if you are
gonna use tcpdump, filtering it down by 'dst port 514' would make
sense, because so much traffic makes it hard to find what you want;
filtering it would be good...ethereal does have some nice tools in the
gui tool.

Also, you should verify how syslogd is running (i.e., is it now using
the -r option)...

ps aux|grep syslog

Craig

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
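The checks Craig lists above (is syslogd running with -r, is syslog/udp in /etc/services, is the firewall letting UDP/514 in, and is tcpdump filtered down to the syslog port) gathered into one script. This is an added example and not code from the thread or from Fedora; the host names, the sample `ps`, `/etc/services` and `iptables` output, and the `check_live` wrapper are constructed for illustration. Each check is a function that takes the text it inspects as an argument, so it runs offline on the constructed samples and, with `--live`, on the local box. One point the thread does not spell out: the `.snmptrap:` lines in Gene's capture are SNMP traps on UDP/162 (tcpdump prints the service name from /etc/services), not syslog datagrams, which the `tcpdump_dst_service` helper makes visible.

```shell
#!/bin/sh
# Added example, not from the thread: the remote-syslog checks discussed
# above, as functions that take the text they inspect as an argument.

# 1. Is syslogd running with -r (accept remote messages)?  Input: `ps aux` text.
syslogd_has_r() {
    printf '%s\n' "$1" | grep -v grep | grep '[s]yslogd' | grep -Eq ' -r( |$)'
}

# 2. Which UDP port does /etc/services map "syslog" to?  Input: services text.
#    Prints the port number, or nothing if the entry is missing.
services_udp_port() {
    printf '%s\n' "$1" | awk '$1 == "syslog" && $2 ~ /\/udp$/ {
        sub(/\/udp$/, "", $2); print $2; exit }'
}

# 3. What does the INPUT chain say about UDP/514?  Input: `iptables -L INPUT -n` text.
#    Prints the target of the first rule naming the port (ACCEPT, DROP, REJECT, ...)
#    or "none" when no rule does, in which case the chain policy decides.
firewall_verdict_udp514() {
    printf '%s\n' "$1" | awk '$2 == "udp" && $0 ~ /dpt:514( |$)/ { print $1; found = 1; exit }
                              END { if (!found) print "none" }'
}

# 4. Which service name did tcpdump print as the destination?  Input: one tcpdump line.
#    Without -n, tcpdump resolves ports via /etc/services, so syslog shows as
#    ".syslog:" while SNMP traps (UDP/162) show as ".snmptrap:".  With -n the
#    same helper returns the port number instead.
tcpdump_dst_service() {
    printf '%s\n' "$1" | awk '{ sub(/:$/, "", $4); n = split($4, p, "."); print p[n] }'
}

# Capture filter to use instead of a bare "udp": only datagrams for the syslog port.
TCPDUMP_FILTER='udp dst port 514'

# Constructed samples (not real output from any machine) for offline checks.
SAMPLE_PS='root       612  0.0  0.1  1568  628 ?        S    09:12   0:00 syslogd -m 0 -r
root       617  0.0  0.1  1496  484 ?        S    09:12   0:00 klogd -x'
SAMPLE_PS_NO_R='root       612  0.0  0.1  1568  628 ?        S    09:12   0:00 syslogd -m 0'
SAMPLE_SERVICES='# constructed /etc/services excerpt
syslog          514/udp
snmptrap        162/udp         snmp-trap'
SAMPLE_IPT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  192.168.1.1          0.0.0.0/0           udp dpt:514
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:137'
SAMPLE_IPT_NONE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22'
SAMPLE_TCPDUMP='09:27:09.106059 router.coyote.den.16139 > 192.168.1.100.snmptrap: Trap(35) E:3093.2.2.1 192.168.1.1'

# Run every check against this machine (iptables and tcpdump need root).
check_live() {
    if syslogd_has_r "$(ps aux)"; then echo "syslogd: -r present"; else echo "syslogd: NO -r"; fi
    echo "services: syslog/udp -> $(services_udp_port "$(cat /etc/services)")"
    echo "firewall: udp/514 -> $(firewall_verdict_udp514 "$(iptables -L INPUT -n)")"
    echo "capturing 5 datagrams with filter: $TCPDUMP_FILTER"
    tcpdump -n -i eth0 -c 5 "$TCPDUMP_FILTER"
}

if [ "${1:-}" = "--live" ]; then check_live; fi
```

Run it as `sh check_rsyslog.sh --live` on the box that should be receiving the router's logs; with no argument it only defines the functions, so it can be sourced into a shell and the helpers run on pasted output. A "none" verdict from the firewall check is only safe when the chain policy is ACCEPT, which is why the constructed samples show the policy in the first line.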