
    Remote Syslog-NG Server issue


    [SOLVED] Line: source remote_log {udp(ip("0.0.0.0")port(514));};

    I am having a problem with remote logging on my AMD64 machine, on which I want to store a bunch of logs from a bunch of different IPs and machines...

    I am using syslog-ng and my syslog-ng.conf file looks like this:

    options {
    chain_hostnames(off);
    sync(0);
    stats(300);
    create_dirs(yes);
    };

    source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
    };

    source remote_log {tcp(ip("0.0.0.0")
    port(514));};

    destination messages { file("/var/log/messages"); };
    destination remote {file("/work/logs/$HOST_FROM.log");};
    destination console_all { file("/dev/tty12"); };

    log { source(src); destination(messages); };
    log { source(src); destination(console_all); };
    log { source(remote_log); destination(remote);};



    My understanding of syslog-ng is that this should now accept logs from any IP address on the port of 514.
    However I am not getting anything at all.
    When I run nmap localhost I get:
    DualCore logs # nmap localhost

    Starting Nmap 4.20 ( Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources ) at 2007-08-29 15:10 EDT
    Interesting ports on DualCore (127.0.0.1):
    Not shown: 1690 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    514/tcp open shell
    631/tcp open ipp
    2000/tcp open callbook
    8000/tcp open http-alt

    Nmap finished: 1 IP address (1 host up) scanned in 0.059 seconds




    I have restarted the syslog-ng process and my computer is DMZ'd to allow the outside IPs in. I plan to put it back behind the firewall once I know this works, then just forward the ports.

    Any ideas?
    Last edited by synapseattack; 08-29-2007 at 09:09 PM. Reason: Solved
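
Added example (not part of the original post): a small Python check that lists the tcp()/udp() listeners each syslog-ng source declares, run over the configuration posted above and over the [SOLVED] line from the thread title. It assumes the remote senders use classic syslog over UDP port 514, which is what the udp() line in the title implies; the function names are this example's own.

```python
import re

# Configuration as posted in the thread (options and local destinations trimmed).
POSTED = '''
source src {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};
source remote_log {tcp(ip("0.0.0.0")
port(514));};
destination remote {file("/work/logs/$HOST_FROM.log");};
log { source(remote_log); destination(remote);};
'''
# The line given as the fix in the thread title.
SOLVED = 'source remote_log {udp(ip("0.0.0.0")port(514));};'

SOURCE_RE = re.compile(r'\bsource\s+(\w+)\s*\{(.*?)\}\s*;', re.S)
# Driver call with at most one level of nested parentheses, e.g. tcp(ip(...) port(...)).
DRIVER_RE = re.compile(r'\b(tcp|udp)\s*\(((?:[^()]|\([^()]*\))*)\)', re.S)
IP_RE = re.compile(r'\bip\s*\(\s*"?([^")\s]+)"?\s*\)')
PORT_RE = re.compile(r'\bport\s*\(\s*(\d+)\s*\)')

def network_listeners(conf_text):
    """Return [(source_name, transport, ip, port)] for tcp()/udp() source drivers.
    ip or port is None when the option is not written out in the config."""
    found = []
    text = re.sub(r'#.*', '', conf_text)  # drop comments
    for name, body in SOURCE_RE.findall(text):
        for transport, args in DRIVER_RE.findall(body):
            ip = IP_RE.search(args)
            port = PORT_RE.search(args)
            found.append((name, transport,
                          ip.group(1) if ip else None,
                          int(port.group(1)) if port else None))
    return found

def accepts(conf_text, transport, port):
    """True if some source explicitly listens on the given transport and port."""
    return any(t == transport and p == port
               for _, t, _, p in network_listeners(conf_text))

if __name__ == "__main__":
    # Assumption: senders emit syslog over UDP/514.
    for label, conf in (("posted", POSTED), ("solved", SOLVED)):
        print(label, network_listeners(conf),
              "accepts udp/514:", accepts(conf, "udp", 514))
```

The nmap output in the post lists only TCP ports, so `514/tcp open` reflects the tcp() listener and says nothing about UDP; checking the UDP side needs a UDP scan such as `nmap -sU -p 514`.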
