  1. #1
    Just Joined!
    Join Date
    Jan 2007
    Posts
    1

    Remote syslog impossible, what is wrong?


    SOLVED:


    The variable SYSLOGD="-r"
    Doesn't have to be defined in /etc/init.d/sysklogd but in /etc/default/syslogd.

    Not in the manpages as I saw.



    Hello everybody,

    I have been searching on the net, reading, trying; I took a look at the F..Smile manual, I have tried tons of times, different ways, nothing to do, they are mute and dumb.

    The situation:
    ###########
    I am working on two computers, each is running under a Debian Etch. Both are on the same LAN, plugged into the same switch. (ADSL internet access). No firewalls on the two computers. Network connections like ssh, samba shares, ping... are working well between these two computers.
    (...and my mother tongue is French, apologies for eventual faults Wink )

    My goal:
    #######
    My goal is to send the logs (syslog) of the computer A (client) to the computer B (server) through the network.

    My problem:
    ##########
    After configuring syslog on both computers as described in the documentation I found, still nothing happens, I don't find the client's logs in the server's logfile.

    What I have done:
    ###############
    1.
    I put the line
    SYSLOGD="-r"
    into the server's /etc/init.d/sysklogd file

    2.
    I put the line
    *.* /home/mydir/logfile
    (*.* and homedir for test purposes) into the server's /etc/syslog.conf file.

    3.
    I put the line
    192.168.1.250 computername computername loghost
    into the client's /etc/hosts file
    As we don't have fully qualified network name on the lan, I also tried
    192.168.1.250 computername loghost

    4.
    I put the line
    *.* @loghost
    into the client's /etc/syslog.conf file.
    I also tried
    *.* @computername

    I restarted the services on both computers.

    The test I ran on the server:
    ######################
    nmap -an | grep 514
    nmap -a | grep syslog
    Result: nothing
    The server doesn't seem to be listening and no trace of logs from the client into the server files of course.

    The strange thing is that when I put
    *.* @anything
    in the server's /etc/syslog.conf file, restart syslog, then, it seems to be listening after the netstat test.

    My questions:
    ############
    Why is it not working properly?
    Is there a way to manually send log packets to the server to test if it's really listening?
    Do I need a brain doctor or a big hammer for my computers? Laughing


    Thank you in advance for the help.
    Best regards
    Eric

    Here are my files:
    The server's /etc/init.d/sysklogd:

    ############################################################
    #! /bin/sh
    # /etc/init.d/sysklogd: start the system log daemon.

    PATH=/bin:/usr/bin:/sbin:/usr/sbin

    pidfile=/var/run/syslogd.pid
    binpath=/sbin/syslogd
    SYSLOGD="-r"

    test -x $binpath || exit 0

    test ! -r /etc/default/syslogd || . /etc/default/syslogd

    create_xconsole()
    {
        if [ ! -e /dev/xconsole ]; then
            mknod -m 640 /dev/xconsole p
        else
            chmod 0640 /dev/xconsole
        fi
        chown root:adm /dev/xconsole
    }

    running()
    {
        # No pidfile, probably no daemon present
        #
        if [ ! -f $pidfile ]
        then
            return 1
        fi

        pid=`cat $pidfile`

        # No pid, probably no daemon present
        #
        if [ -z "$pid" ]
        then
            return 1
        fi

        if [ ! -d /proc/$pid ]
        then
            return 1
        fi

        cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1`

        # No syslogd?
        #
        if [ "$cmd" != "$binpath" ]
        then
            return 1
        fi

        return 0
    }

    case "$1" in
      start)
        echo -n "Starting system log daemon: syslogd"
        create_xconsole
        start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
        echo "."
        ;;
      stop)
        echo -n "Stopping system log daemon: syslogd"
        start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
        echo "."
        ;;
      reload|force-reload)
        echo -n "Reloading system log daemon: syslogd"
        start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
        echo "."
        ;;
      restart)
        echo -n "Restarting system log daemon: syslogd"
        start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
        sleep 1
        start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
        echo "."
        ;;
      reload-or-restart)
        if running
        then
            echo -n "Reloading system log daemon: syslogd"
            start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
        else
            echo -n "Restarting system log daemon: syslogd"
            start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
        fi
        echo "."
        ;;
      *)
        echo "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
        exit 1
    esac

    exit 0
    ############################################################

    The server's /etc/syslog.conf file:

    ############################################################

    # /etc/syslog.conf Configuration file for syslogd.
    #
    # For more information see syslog.conf(5)
    # manpage.

    #
    # First some standard logfiles. Log by facility.
    #
    #*.* @anything
    *.* /home/bulbe/netlogs/modem.log
    auth,authpriv.* /var/log/auth.log
    *.*;auth,authpriv.none -/var/log/syslog
    #cron.* /var/log/cron.log
    daemon.* -/var/log/daemon.log
    kern.* -/var/log/kern.log
    lpr.* -/var/log/lpr.log
    mail.* -/var/log/mail.log
    user.* -/var/log/user.log
    uucp.* /var/log/uucp.log
    #
    # Logging for the mail system. Split it up so that
    # it is easy to write scripts to parse these files.
    #
    mail.info -/var/log/mail.info
    mail.warn -/var/log/mail.warn
    mail.err /var/log/mail.err

    # Logging for INN news system
    #
    news.crit /var/log/news/news.crit
    news.err /var/log/news/news.err
    news.notice -/var/log/news/news.notice

    #
    # Some `catch-all' logfiles.
    #
    *.=debug;\
    auth,authpriv.none;\
    news.none;mail.none -/var/log/debug
    *.=info;*.=notice;*.=warn;\
    auth,authpriv.none;\
    cron,daemon.none;\
    mail,news.none -/var/log/messages

    #
    # Emergencies are sent to everybody logged in.
    #
    *.emerg *

    #
    # I like to have messages displayed on the console, but only on a virtual
    # console I usually leave idle.
    #
    #daemon,mail.*;\
    # news.=crit;news.=err;news.=notice;\
    # *.=debug;*.=info;\
    # *.=notice;*.=warn /dev/tty8

    # The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
    # you must invoke `xconsole' with the `-file' option:
    #
    # $ xconsole -file /dev/xconsole [...]
    #
    # NOTE: adjust the list below, or you'll go crazy if you have a reasonably
    # busy site..
    #
    daemon.*;mail.*;\
    news.crit;news.err;news.notice;\
    *.=debug;*.=info;\
    *.=notice;*.=warn |/dev/xconsole

    ###########################################################


    The client's /etc/syslog.conf file:

    ###########################################################

    # /etc/syslog.conf Configuration file for syslogd.
    #
    # For more information see syslog.conf(5)
    # manpage.

    #
    # First some standard logfiles. Log by facility.
    #

    *.* @loghost
    auth,authpriv.* /var/log/auth.log
    *.*;auth,authpriv.none -/var/log/syslog
    #cron.* /var/log/cron.log
    daemon.* -/var/log/daemon.log
    kern.* -/var/log/kern.log
    lpr.* -/var/log/lpr.log
    mail.* -/var/log/mail.log
    user.* -/var/log/user.log
    uucp.* /var/log/uucp.log

    #
    # Logging for the mail system. Split it up so that
    # it is easy to write scripts to parse these files.
    #
    mail.info -/var/log/mail.info
    mail.warn -/var/log/mail.warn
    mail.err /var/log/mail.err

    # Logging for INN news system
    #
    news.crit /var/log/news/news.crit
    news.err /var/log/news/news.err
    news.notice -/var/log/news/news.notice

    #
    # Some `catch-all' logfiles.
    #
    *.=debug;\
    auth,authpriv.none;\
    news.none;mail.none -/var/log/debug
    *.=info;*.=notice;*.=warn;\
    auth,authpriv.none;\
    cron,daemon.none;\
    mail,news.none -/var/log/messages

    #
    # Emergencies are sent to everybody logged in.
    #
    *.emerg *

    #
    # I like to have messages displayed on the console, but only on a virtual
    # console I usually leave idle.
    #
    #daemon,mail.*;\
    # news.=crit;news.=err;news.=notice;\
    # *.=debug;*.=info;\
    # *.=notice;*.=warn /dev/tty8

    # The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
    # you must invoke `xconsole' with the `-file' option:
    #
    # $ xconsole -file /dev/xconsole [...]
    #
    # NOTE: adjust the list below, or you'll go crazy if you have a reasonably
    # busy site..
    #
    daemon.*;mail.*;\
    news.crit;news.err;news.notice;\
    *.=debug;*.=info;\
    *.=notice;*.=warn |/dev/xconsole

    ###########################################################

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,934
    I've never needed to do any of this, so I'm not familiar with the nuts and bolts of it, but from your synopsis I'd recommend you check your firewall settings on your logging machine. It could be that the syslog attempts that the other box makes are being blocked before they get as far as the syslog process.
    Linux user #126863 - see http://linuxcounter.net/
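
Added example, not part of the original posts: shell helpers that replay the sourcing order of the posted init script (showing why SYSLOGD="-r" set there can be overwritten by /etc/default/syslogd), check netstat output for a UDP listener on port 514, and build a test datagram to send to the log server by hand. The function names and the "remote-test" tag are hypothetical, and `send_test` assumes a netcat with UDP support is installed.

```shell
#!/bin/sh
# Added example (not code from the thread). All helper names are hypothetical.

# Print the options syslogd is really started with, replaying the order used by
# the posted /etc/init.d/sysklogd: the in-script assignment comes first, then
# the defaults file is sourced and may overwrite it.
# $1 = value assigned in the init script, $2 = path of the defaults file
effective_syslogd_opts() {
    (
        SYSLOGD="$1"
        test ! -r "$2" || . "$2"
        printf '%s\n' "$SYSLOGD"
    )
}

# Succeed when `netstat -uln` output on stdin shows a UDP socket bound to
# port 514 (column 4 is the local address, e.g. 0.0.0.0:514).
udp514_listening() {
    awk '$1 ~ /^udp/ && $4 ~ /:514$/ { found = 1 } END { exit !found }'
}

# Build a minimal BSD-syslog datagram: <PRI>tag: message,
# where PRI = facility * 8 + severity (user.notice = 1 * 8 + 5 = 13).
# $1 = facility number, $2 = severity number, $3 = message text
syslog_datagram() {
    printf '<%d>remote-test: %s' "$(( $1 * 8 + $2 ))" "$3"
}

# Send one user.notice datagram to the log server over UDP 514.
# $1 = server name or address (for example the loghost alias from /etc/hosts)
send_test() {
    syslog_datagram 1 5 "hello from $(hostname)" | nc -u -w 1 "$1" 514
}

# Typical use on the server:
#   effective_syslogd_opts "-r" /etc/default/syslogd   # empty output: -r was lost
#   netstat -uln | udp514_listening && echo "syslogd accepts remote logs"
# Typical use on the client:
#   send_test loghost
```

If the first command prints nothing while the init script sets "-r", the defaults file is overriding it, which matches the fix described at the top of the thread.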
