- 01-13-2007 #1
Remote syslog impossible, what is wrong?
SOLVED:
The variable SYSLOGD="-r"
Doesn't have to be defined in /etc/init.d/sysklogd but in /etc/default/syslogd.
Not in the manpages as I saw.
Hello everybody,
I have been searching on the net, reading, trying; I took a look at the F.. manual, I have tried tons of times, different ways, nothing to do, they are mute and dumb.
The situation:
###########
I am working on two computers, each is running under a Debian Etch. Both are on the same LAN, plugged into the same switch. (ADSL internet access). No firewalls on the two computers. Network connections like ssh, samba shares, ping... are working well between these two computers.
(...and my mother tongue is French, apologies for eventual faults)
My goal:
#######
My goal is to send the logs (syslog) of computer A (client) to computer B (server) through the network.
My problem:
##########
After configuring syslog on both computers as described in the documentation I found, still nothing happens, I don't find the client's logs in the server's logfile.
What I have done:
###############
1.
I put the line
SYSLOGD="-r"
into the server's /etc/init.d/sysklogd file
2.
I put the line
*.* /home/mydir/logfile
(*.* and homedir for test purposes) into the server's /etc/syslog.conf file.
3.
I put the line
192.168.1.250 computername computername loghost
into the client's /etc/hosts file
As we don't have fully qualified network name on the lan, I also tried
192.168.1.250 computername loghost
4.
I put the line
*.* @loghost
into the client's /etc/syslog.conf file.
I also tried
*.* @computername
I restarted the services on both computers.
The test I ran on the server:
######################
nmap -an | grep 514
nmap -a | grep syslog
Result: nothing
The server doesn't seem to be listening and no trace of logs from the client into the server files of course.
The strange thing is that when I put
*.* @anything
in the server's /etc/syslog.conf file, restart syslog, then, it seems to be listening after the netstat test.
My questions:
############
Why is it not working properly?
Is there a way to manually send log packets to the server to test if it's really listening?
Do I need a brain doctor or a big hammer for my computers?
Thank you in advance for the help.
Best regards
Eric
Here are my files:
The server's /etc/init.d/sysklogd:
################################################## ##########
#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

PATH=/bin:/usr/bin:/sbin:/usr/sbin
pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd
SYSLOGD="-r"

test -x $binpath || exit 0
test ! -r /etc/default/syslogd || . /etc/default/syslogd

create_xconsole()
{
    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
    else
        chmod 0640 /dev/xconsole
    fi
    chown root:adm /dev/xconsole
}

running()
{
    # No pidfile, probably no daemon present
    #
    if [ ! -f $pidfile ]
    then
        return 1
    fi

    pid=`cat $pidfile`

    # No pid, probably no daemon present
    #
    if [ -z "$pid" ]
    then
        return 1
    fi

    if [ ! -d /proc/$pid ]
    then
        return 1
    fi

    cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1`

    # No syslogd?
    #
    if [ "$cmd" != "$binpath" ]
    then
        return 1
    fi

    return 0
}

case "$1" in
  start)
    echo -n "Starting system log daemon: syslogd"
    create_xconsole
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    echo "."
    ;;
  stop)
    echo -n "Stopping system log daemon: syslogd"
    start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
    echo "."
    ;;
  reload|force-reload)
    echo -n "Reloading system log daemon: syslogd"
    start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
    echo "."
    ;;
  restart)
    echo -n "Restarting system log daemon: syslogd"
    start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
    sleep 1
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    echo "."
    ;;
  reload-or-restart)
    if running
    then
        echo -n "Reloading system log daemon: syslogd"
        start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
    else
        echo -n "Restarting system log daemon: syslogd"
        start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    fi
    echo "."
    ;;
  *)
    echo "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
    exit 1
esac

exit 0
################################################## ##########
The server's /etc/syslog.conf file:
################################################## ##########
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
#*.* @anything
*.* /home/bulbe/netlogs/modem.log
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.crit;news.err;news.notice;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
################################################## #########
The client's /etc/syslog.conf file:
################################################## #########
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
*.* @loghost
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.crit;news.err;news.notice;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
################################################## #########
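
The fix reported at the top of this post follows from the order of two lines in the init script above: SYSLOGD="-r" is assigned first, then /etc/default/syslogd is sourced and can overwrite it. The sketch below is an added example, not part of the original post or of the Debian script; the function names and the sample defaults files are constructed for illustration.

```shell
#!/bin/sh
# effective_syslogd_opts INIT_VALUE DEFAULTS_FILE
#   INIT_VALUE    - value the init script assigns to SYSLOGD (hypothetical argument)
#   DEFAULTS_FILE - stand-in for /etc/default/syslogd (hypothetical argument)
# Runs in a subshell so the caller's environment is not modified.
effective_syslogd_opts() {
    (
        SYSLOGD="$1"
        # Same test-and-source idiom as the init script: a readable defaults
        # file is sourced AFTER the assignment, so its value wins.
        test ! -r "$2" || . "$2"
        printf '%s' "$SYSLOGD"
    )
}

# accepts_remote OPTIONS -> exit status 0 if -r appears as a separate word.
# Assumption: options are written separately ("-r -m 0"), not bundled.
accepts_remote() {
    for opt in $1; do
        case "$opt" in
            -r) return 0 ;;
        esac
    done
    return 1
}

# report INIT_VALUE DEFAULTS_FILE -> prints "remote" or "local-only"
report() {
    if accepts_remote "$(effective_syslogd_opts "$1" "$2")"; then
        echo "remote"
    else
        echo "local-only"
    fi
}

# Constructed sample files, not copied from a real system.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'SYSLOGD=""\n'   > "$demo_dir/defaults_empty"
printf 'SYSLOGD="-r"\n' > "$demo_dir/defaults_remote"

report "-r" "$demo_dir/defaults_empty"    # edit in the init script is overridden
report "-r" "$demo_dir/defaults_remote"   # defaults file enables UDP reception
report "-r" "$demo_dir/missing"           # no defaults file: init value is kept
```

On a collector, comparing this resolved value against the running daemon's command line confirms whether remote reception is actually enabled before relying on the central logs.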
- 01-14-2007 #2
I've never needed to do any of this, so I'm not familiar with the nuts and bolts of it, but from your synopsis I'd recommend you check your firewall settings on your logging machine. It could be that the syslog attempts that the other box makes are being blocked before they get as far as the syslog process.
Linux user #126863 - see http://linuxcounter.net/