Re: Sending syslog to another machine
- From: Timothy Murphy <tim@xxxxxxxxxxxx>
- Date: Fri, 05 Dec 2008 13:51 +0000
Rick Stevens wrote:
Also, both the old syslogd and the newer rsyslogd have to have the "-r"
option specified for them to actually listen to the network (the "-r"
can also have a port number appended, e.g. "-r 514"). Not sure about
ng-syslog, but I suspect the same is true.
On Red Hattish machines, options are passed to the syslog daemon by
values stuffed into the "SYSLOGD_OPTIONS" line of either the
"/etc/sysconfig/syslog" or "/etc/sysconfig/rsyslog" file (depending on
which syslog daemon you're running. By default, you'll find
SYSLOGD_OPTIONS="-c 3" (/etc/sysconfig/rsyslog)
SYSLOGD_OPTIONS="-m 0" (/etc/sysconfig/syslog)
Prepend that with "-r" (e.g. SYSLOGD_OPTIONS="-r -c 3") and then do a
"service syslog restart". It should start listening to the network.
Thanks very much.
It seems very complicated.
I wonder if I have taken the right steps?
1) I've uncommented and edited the line
in /etc/rsyslog.conf on the client laptop ("mary").
2) I see that the remote machine 192.168.2.2 ("helen"),
which is running under Centos-5.2,
is actually running syslog rather than rsyslog,
and already has
SYSLOGD_OPTIONS="-m 0 -r"
3) I've run
sudo service rsyslog restart
on mary, and .
sudo service syslog restart
on helen for good measure.
4) I'm running shorewall on helen, so I've added
Syslog/ACCEPT loc $FW
to /etc/shorewall/rules on helen.
The net effect of all this seems to be that kernel messages
are no longer being sent to /var/log/messages on mary,
but they are not appearing on helen.
I notice that
sudo telnet helen 514
fails. Does telnet only test tcp and not udp?
sudo nmap -sU -F 192.168.2.2
but this never seems to return.
[Incidentally, I tried adding -r to /etc/sysconfig/rsyslog on mary,
but she didn't like it, and said the -r option was ignored.]
fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list