Solved

Red Hat Linux Firewall - How to configure so syslog traffic is redirected to different IP address?

Posted on 2006-06-21
Last Modified: 2008-03-06
Hello,

I need to write a Perl script (to run on a Linux server node) that intercepts all syslog messages from a Linux client node, e.g. generated from its firewall, etc.  

1) Usually, with log generating clients, you can redirect where they send the log entries to the syslog server via the syslog server's IP address.  But for the life of me, I cannot figure out how to configure Red Hat Linux's firewall to do so.  I type in system-config-securitylevel, and I cannot find where I would be able to redirect syslog traffic.  Any suggestions on how to configure the firewall to do what I want?

2) What are examples of other programs that generate syslog?  How do I configure them?

Thanks!!!
Rawray
Question by:rawray
10 Comments

Expert Comment

by:Blaz
ID: 16957243
You might want to check "man syslogd"
http://linux.about.com/od/commands/l/blcmdl8_syslogd.htm

Section "Support for remote logging"

Expert Comment

by:decoleur
ID: 17030386
1) you do not want to configure the firewall to redirect the syslog traffic, you want to instruct the applications that are generating logs to direct their traffic to the syslog server.
2) some links on configuring syslogs to get you going:

http://www.softpanorama.org/Logs/Syslog/syslog_configuration_examples.shtml
http://www.adventnet.com/products/webnms/syslog/help/syslog_fp/start_forward.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_syslog

let me know if you have any specific questions regarding any of the content presented.

-t

Author Comment

by:rawray
ID: 17039403
Thanks to both decoleur and Blaz,

All links have been extremely helpful.  

By the way, what Linux file calls syslogd on startup?  I think the call needs to be modified to "syslogd -r" in order to get what I'm trying to do to work, i.e. forwarding log messages from one machine to a dedicated syslog server.

Best,
Rawray

Expert Comment

by:decoleur
ID: 17044921
on a redhat server you will want to confirm that the syslogd service is configured to start on boot:

try
/sbin/chkconfig --list | grep syslog
this should show you if syslogd is configured to start on boot.
/sbin/chkconfig --levels 2345 syslogd on
this will configure syslogd to start when the system is in run levels 2-5

/sbin/service syslogd status
this will let you know if the service is running or not

hope this helps

-t

Expert Comment

by:Blaz
ID: 17048362
If you are running a not too old redhat linux or fedora distribution then you can add the "-r" option in /etc/sysconfig/syslog file in line SYSLOGD_OPTIONS

Otherwise you can change the /etc/rc.d/init.d/syslog script to include the -r option.

Author Comment

by:rawray
ID: 17079755
Hi decoleur and Blaz,

Thanks so much again for all your help.  I will award points soon.

I did all of the above on my Fedora Core 4 Linux system.  Here is what I get:

/sbin/chkconfig --list | grep syslog –
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

/sbin/chkconfig --levels 2345 syslogd on –
error reading information on service syslogd: No such file or directory
 
/sbin/service syslogd status –
unrecognized service

What is going on, and where is syslogd?

Thanks so much!
Rawray

Expert Comment

by:Blaz
ID: 17080169
On Fedora Core 4 you should add the "-r" option in /etc/sysconfig/syslog file in line SYSLOGD_OPTIONS and then do a "/etc/init.d/syslog restart"

Assisted Solution

by:decoleur
decoleur earned 225 total points
ID: 17080265
the application that you should query with chkconfig is syslog not syslogd, as shown by your successful query:

/sbin/chkconfig --list | grep syslog –
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

and based upon that you do not need to run
/sbin/chkconfig --levels 2345 syslog on

as it already has been (this is what toggles the different run levels from off to on and right now 2,3,4,5 are all on).

try running:
/sbin/service syslog status
and you should get results...

hope this helped.

Author Comment

by:rawray
ID: 17083517
Hi decoleur and Blaz,

Changed line in /etc/sysconfig/syslog to

SYSLOGD_OPTIONS="-m -r 0"

/etc/init.d/syslog restart gives:

Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [FAILED]
Starting system logger:                                    [FAILED]
Starting kernel logger:                                    [  OK  ]

and thus /sbin/service syslog status gives:

syslogd is stopped
klogd (pid 3553) is running...

How do I START syslogd?  Why do you think attempts FAILED?

Thanks so much!

Accepted Solution

by:Blaz
Blaz earned 275 total points
ID: 17087967
"-m 0" is a single parameter and you should not split it with the -r option. So your file should look like:

SYSLOGD_OPTIONS="-m 0 -r"

Probably this is the only reason for syslog not starting, so you can do a
/etc/init.d/syslog restart
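As an added example (not code from the thread or from the sysklogd project), a small Python checker that parses SYSLOGD_OPTIONS the way syslogd's getopt() would and flags the "-m -r 0" mistake above; the two /etc/sysconfig/syslog contents it reads are constructed, and the option letters are those of sysklogd's syslogd.

```python
import getopt
import shlex

# getopt string of sysklogd's syslogd (the daemon Fedora Core 4 ships).
# A letter followed by ':' takes an argument (-a socket, -f config, -l hosts,
# -m mark-interval, -p socket, -s domains); the rest, including -r, are flags.
SYSLOGD_GETOPT = "a:dhf:l:m:np:rs:vx"

# Constructed sample contents of /etc/sysconfig/syslog: the broken line from
# the thread and the corrected one.
BROKEN_SYSCONFIG = 'SYSLOGD_OPTIONS="-m -r 0"\nKLOGD_OPTIONS="-x"\n'
FIXED_SYSCONFIG = 'SYSLOGD_OPTIONS="-m 0 -r"\nKLOGD_OPTIONS="-x"\n'


def read_syslogd_options(sysconfig_text):
    """Return the SYSLOGD_OPTIONS value as one string (the init script sources
    this file, so the value is shell-quoted and is unquoted with shlex)."""
    for line in sysconfig_text.splitlines():
        line = line.strip()
        if line.startswith("SYSLOGD_OPTIONS="):
            return " ".join(shlex.split(line.split("=", 1)[1]))
    return ""


def check_syslogd_options(opt_string):
    """Parse opt_string like syslogd's getopt() and report why it would fail.

    Returns (remote_reception_enabled, mark_interval, problems). getopt takes the
    word after -m as its argument even when that word is '-r', so "-m -r 0"
    silently loses -r and leaves a stray "0"; leftover arguments make syslogd
    print its usage and exit, which is the [FAILED] seen in the thread.
    """
    problems = []
    try:
        opts, leftover = getopt.getopt(shlex.split(opt_string), SYSLOGD_GETOPT)
    except getopt.GetoptError as err:
        return False, None, ["syslogd would reject the options: %s" % err]
    parsed = dict(opts)
    # Note for operators: -r makes syslogd accept UDP/514 from any host, so
    # reachability should be limited by the host firewall once it is enabled.
    remote_enabled = "-r" in parsed
    mark_interval = parsed.get("-m")
    if mark_interval is not None and not mark_interval.isdigit():
        problems.append("-m consumed %r as its interval; write '-m 0'" % mark_interval)
    if leftover:
        problems.append("stray argument(s) %r: syslogd prints usage and exits" % leftover)
    return remote_enabled, mark_interval, problems


if __name__ == "__main__":
    for text in (BROKEN_SYSCONFIG, FIXED_SYSCONFIG):
        opts = read_syslogd_options(text)
        print(repr(opts), "->", check_syslogd_options(opts))
```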
