  1. #1

    How can you disable remote connections for syslogd


    I have a CentOS server that has a remote connection to syslogd. I ran netstat -antup and got the following:

    tcp 0 0 192.168.0.15:38908 73.167.119.19:21333 ESTABLISHED 4039/syslogd

    I would like to configure syslogd to not be able to use remote IP addresses.

    Is this possible? Should I worry about this syslogd entry? How can I disable remote IP connections to syslogd?
    Thanks,
    Ed

  2. #2
    Linux User
    Join Date
    Jun 2012
    Location
    SF Bay area
    Posts
    312
    I'm not trying to be evasive here, but the answer is "it depends." There are several options, one or more of which will certainly work, but whether you configure your "syslog" to prevent the remote connections or use host-based ACLs (meaning local firewall) to block it, the way you do it depends on what software you're using.

    For instance, both "rsyslog" and "syslog-ng" can be configured to listen only on "localhost". That will make it impossible for external systems to send data. But the configurations are package specific so it depends on which software you're using. Also, it's possible that your system is running a "syslog" package that's not one of those two, or is old enough that the options to constrain the connections aren't available.

    In that case, you can always enable local firewall functionality and add rules to block external systems on the ports your "syslog" service is using. But again, the way you set that up depends on which firewall software your system uses. It's been a while since I messed with firewalls on RedHat centric systems so I'd have to read documentation to give you specifics.

  3. #3
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    14,038
    You need to disable the syslog forwarding in the remote system's /etc/rsyslog.conf file.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
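
One way to check `netstat -antup` output for the situation in post #1, a syslog daemon holding an established TCP connection to a non-private address. This is an added example, not part of any post in this thread; the set of daemon names and every sample line except the first (quoted from post #1) are assumptions constructed for the illustration.

```python
import ipaddress

# Process names treated as syslog daemons (assumption; extend as needed).
SYSLOG_DAEMONS = {"syslogd", "rsyslogd", "syslog-ng"}

# First line is the one quoted in post #1; the rest are constructed samples.
SAMPLE = """\
tcp 0 0 192.168.0.15:38908 73.167.119.19:21333 ESTABLISHED 4039/syslogd
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 4039/syslogd
tcp 0 0 192.168.0.15:51000 192.168.0.20:514 ESTABLISHED 812/rsyslogd
tcp 0 0 192.168.0.15:22 198.51.100.7:50122 ESTABLISHED 1501/sshd
udp 0 0 0.0.0.0:514 0.0.0.0:* 4039/syslogd
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses survive."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_line(line):
    """Return a dict for one TCP row of `netstat -antup`, else None."""
    f = line.split()
    if len(f) < 7 or not f[0].startswith("tcp"):
        return None  # headers, UDP rows (no state column), short lines
    pid, _, prog = f[6].partition("/")
    return {"remote": f[4], "state": f[5], "pid": pid, "prog": prog.rstrip(":")}

def external_syslog_connections(netstat_output):
    """List (pid, program, remote_ip, remote_port) for syslog daemons
    with an ESTABLISHED connection to a non-loopback, non-private peer."""
    findings = []
    for line in netstat_output.splitlines():
        row = parse_line(line)
        if not row or row["state"] != "ESTABLISHED" or row["prog"] not in SYSLOG_DAEMONS:
            continue
        addr, port = split_endpoint(row["remote"])
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # unresolvable or malformed address column
        if not (ip.is_loopback or ip.is_private):
            findings.append((row["pid"], row["prog"], str(ip), int(port)))
    return findings

if __name__ == "__main__":
    for pid, prog, ip, port in external_syslog_connections(SAMPLE):
        print(f"{prog} (pid {pid}) has an established connection to {ip}:{port}")
```

Run netstat as root so the PID/program column is populated; without it the owner shows as `-` and no row will match.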
