Solved

Red Hat Linux Firewall - How to configure so syslog traffic is redirected to a different IP address?

Posted on 2006-06-21
Last Modified: 2008-03-06
Hello,

I need to write a Perl script (to run on a Linux server node) that intercepts all syslog messages from a Linux client node, e.g. generated from its firewall, etc.  

1) Usually, with log generating clients, you can redirect where they send the log entries to the syslog server via the syslog server's IP address.  But for the life of me, I cannot figure out how to configure Red Hat Linux's firewall to do so.  I type in system-config-securitylevel, and I cannot find where I would be able to redirect syslog traffic.  Any suggestions on how to configure the firewall to do what I want?

2) What are examples of other programs that generate syslog?  How do I configure them?

Thanks!!!
Rawray
Question by:rawray
LVL 16

Expert Comment

by:Blaz
You might want to check "man syslogd"
http://linux.about.com/od/commands/l/blcmdl8_syslogd.htm

Section "Support for remote logging"
 
LVL 18

Expert Comment

by:decoleur
1) you do not want to configure the firewall to redirect the syslog traffic, you want to instruct the applications that are generating logs to direct their traffic to the syslog server.
2) some links on configuring syslogs to get you going:

http://www.softpanorama.org/Logs/Syslog/syslog_configuration_examples.shtml
http://www.adventnet.com/products/webnms/syslog/help/syslog_fp/start_forward.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_syslog

let me know if you have any specific questions regarding any of the content presented.

-t
 

Author Comment

by:rawray
Thanks to both decoleur and Blaz,

All links have been extremely helpful.  

By the way, what Linux file calls syslogd on startup?  I think the call needs to be modified to "syslogd -r" in order to get what I'm trying to do to work, i.e. forwarding log messages from one machine to a dedicated syslog server.

Best,
Rawray
 
LVL 18

Expert Comment

by:decoleur
on a redhat server you will want to confirm that the syslogd service is configured to start on boot:

try
/sbin/chkconfig --list | grep syslog
this should show you if syslogd is configured to start on boot.
/sbin/chkconfig --levels 2345 syslogd on
this will configure syslogd to start when the system is in run levels 2-5

/sbin/service syslogd status
this will let you know if the service is running or not

hope this helps

-t
 
LVL 16

Expert Comment

by:Blaz
If you are running a not too old redhat linux or fedora distribution then you can add the "-r" option in /etc/sysconfig/syslog file in line SYSLOGD_OPTIONS

Otherwise you can change the /etc/rc.d/init.d/syslog script to include the -r option.
 

Author Comment

by:rawray
Hi decoleur and Blaz,

Thanks so much again for all your help.  I will award points soon.

I did all of the above on my Fedora Core 4 Linux system.  Here is what I get:

/sbin/chkconfig --list | grep syslog –
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

/sbin/chkconfig --levels 2345 syslogd on –
error reading information on service syslogd: No such file or directory
 
/sbin/service syslogd status –
unrecognized service

What is going on, and where is syslogd?

Thanks so much!
Rawray
 
LVL 16

Expert Comment

by:Blaz
On Fedora Core 4 you should add the "-r" option in /etc/sysconfig/syslog file in line SYSLOGD_OPTIONS and then do a "/etc/init.d/syslog restart"
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 225 total points
the application that you should query with chkconfig is syslog not syslogd, as shown by your successful query:

/sbin/chkconfig --list | grep syslog –
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

and based upon that you do not need to run
/sbin/chkconfig --levels 2345 syslog on

as it already has been (this is what toggles the different run levels from off to on and right now 2,3,4,5 are all on).

try running:
/sbin/service syslog status
and you should get results...

hope this helped.
 

Author Comment

by:rawray
Hi decoleur and Blaz,

Changed line in /etc/sysconfig/syslog to

SYSLOGD_OPTIONS="-m -r 0"

/etc/init.d/syslog restart gives:

Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [FAILED]
Starting system logger:                                    [FAILED]
Starting kernel logger:                                    [  OK  ]

and thus /sbin/service syslog status gives:

syslogd is stopped
klogd (pid 3553) is running...

How do I START syslogd?  Why do you think attempts FAILED?

Thanks so much!
 
LVL 16

Accepted Solution

by:
Blaz earned 275 total points
"-m 0" is a single parameter and you should not split it with the -r option. So your file should look like:

SYSLOGD_OPTIONS="-m 0 -r"

Probably this is the only reason for syslog not starting, so you can do a
/etc/init.d/syslog restart