Solved

Red Hat Linux Firewall - How to configure so syslog traffic is redirected to different IP address?

Posted on 2006-06-21
10
2,795 Views
Last Modified: 2008-03-06
Hello,

I need to write a Perl script (to run on a Linux server node) that intercepts all syslog messages from a Linux client node, e.g. generated from its firewall, etc.  

1) Usually, with log generating clients, you can redirect where they send the log entries to the syslog server via the syslog server's IP address.  But for the life of me, I cannot figure out how to configure Red Hat Linux's firewall to do so.  I type in system-config-securitylevel, and I cannot find where I would be able to redirect syslog traffic.  Any suggestions on how to configure the firewall to do what I want?

2) What are examples of other programs that generate syslog?  How do I configure them?

Thanks!!!
Rawray
0
Comment
Question by:rawray
10 Comments
 
LVL 16

Expert Comment

by:Blaz
ID: 16957243
You might want to check "man syslogd"
http://linux.about.com/od/commands/l/blcmdl8_syslogd.htm

Section "Support for remote logging"
0
 
LVL 18

Expert Comment

by:decoleur
ID: 17030386
1) you do not want to configure the firewall to redirect the syslog traffic, you want to instruct the applications that are generating logs to direct their traffic to the syslog server.
2) some links on configuring syslogs to get you going:

http://www.softpanorama.org/Logs/Syslog/syslog_configuration_examples.shtml
http://www.adventnet.com/products/webnms/syslog/help/syslog_fp/start_forward.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_syslog

let me know if you have any specific questions regarding any of the content presented.

-t
0
 

Author Comment

by:rawray
ID: 17039403
Thanks to both decoleur and Blaz,

All links have been extremely helpful.  

By the way, what Linux file calls syslogd on startup?  I think the call needs to be modified to "syslogd -r" in order to get what I'm trying to do to work, i.e. forwarding log messages from one machine to a dedicated syslog server.

Best,
Rawray
0
 
LVL 18

Expert Comment

by:decoleur
ID: 17044921
on a redhat server you will want to confirm that the syslogd service is configured to start on boot:

try
/sbin/chkconfig --list | grep syslog
this should show you if syslogd is configured to start on boot.
/sbin/chkconfig --levels 2345 syslogd on
this will configure syslogd to start when the system is in run levels 2-5

/sbin/service syslogd status
this will let you know if the service is running or not

hope this helps

-t
0
 
LVL 16

Expert Comment

by:Blaz
ID: 17048362
If you are running a not too old redhat linux or fedora distribution then you can add the "-r" option in /etc/sysconfig/syslog file in line SYSLOGD_OPTIONS

Otherwise you can change the /etc/rc.d/init.d/syslog script to include the -r option.
0
 

Author Comment

by:rawray
ID: 17079755
Hi decoleur and Blaz,

Thanks so much again for all your help.  I will award points soon.

I did all of the above on my Fedora Core 4 Linux system.  Here is what I get:

/sbin/chkconfig --list | grep syslog –
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

/sbin/chkconfig --levels 2345 syslogd on –
error reading information on service syslogd: No such file or directory
 
/sbin/service syslogd status –
unrecognized service

What is going on, and where is syslogd?

Thanks so much!
Rawray
0
 
LVL 16

Expert Comment

by:Blaz
ID: 17080169
On Fedora Core 4 you should add the "-r" option in /etc/sysconfig/syslog file in line SYSLOGD_OPTIONS and then do a "/etc/init.d/syslog restart"
0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 225 total points
ID: 17080265
the application that you should query with chkconfig is syslog not syslogd, as shown by your successful query:

/sbin/chkconfig --list | grep syslog –
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

and based upon that you do not need to run
/sbin/chkconfig --levels 2345 syslog on

as it already has been (this is what toggles the different run levels from off to on and right now 2,3,4,5 are all on).

try running:
/sbin/service syslog status
and you should get results...

hope this helped.
0
 

Author Comment

by:rawray
ID: 17083517
Hi decoleur and Blaz,

Changed line in /etc/sysconfig/syslog to

SYSLOGD_OPTIONS="-m -r 0"

/etc/init.d/syslog restart gives:

Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [FAILED]
Starting system logger:                                    [FAILED]
Starting kernel logger:                                    [  OK  ]

and thus /sbin/service syslog status gives:

syslogd is stopped
klogd (pid 3553) is running...

How do I START syslogd?  Why do you think attempts FAILED?

Thanks so much!
0
 
LVL 16

Accepted Solution

by:
Blaz earned 275 total points
ID: 17087967
"-m 0" is a single parameter and you should not split it with the -r option. So your file should look like:

SYSLOGD_OPTIONS="-m 0 -r"

Probably this is the only reason for syslog not starting, so you can do a
/etc/init.d/syslog restart
0
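The two fixes in this thread (querying chkconfig for the service named syslog, and keeping "-m 0" together when adding "-r") are easy to get wrong by hand. As an added example, not code from the thread or from Red Hat, the POSIX sh below extracts SYSLOGD_OPTIONS from a sysconfig-style file, validates that -m carries its numeric MARK interval and that -r is present, and parses a chkconfig --list line for runlevels 2-5. The file names, file contents and chkconfig line are constructed for the example, modelled on what was posted above.

```sh
#!/bin/sh
# Added example, not from the thread: check /etc/sysconfig/syslog style options
# and a chkconfig --list line before restarting syslogd. File names and the
# sample contents below are constructed for this example.

# Extract the quoted value of SYSLOGD_OPTIONS from a sysconfig file.
syslogd_options_from_file() {
    sed -n 's/^SYSLOGD_OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Validate an option string for sysklogd's syslogd:
#   return 0  options look sane and -r (accept remote messages) is present
#   return 1  -m is not followed by a numeric MARK interval
#             (the "-m -r 0" mistake that stopped syslogd in this thread)
#   return 2  -r is absent, so logs forwarded by clients would be ignored
check_syslogd_options() {
    have_r=0
    want_interval=0
    for tok in $1; do
        if [ "$want_interval" -eq 1 ]; then
            case $tok in
                *[!0-9]*) echo "bad: -m needs a numeric interval, got '$tok'"; return 1 ;;
            esac
            want_interval=0
            continue
        fi
        case $tok in
            -m) want_interval=1 ;;
            -r) have_r=1 ;;
        esac
    done
    if [ "$want_interval" -eq 1 ]; then
        echo "bad: -m at end of line with no interval"
        return 1
    fi
    if [ "$have_r" -eq 0 ]; then
        echo "warn: no -r, syslogd will not listen for remote messages"
        return 2
    fi
    echo "ok: '$1'"
    return 0
}

# chkconfig_on_in "<one line of chkconfig --list output>" "<runlevels>"
# Returns 0 only if the service is "on" in every listed runlevel digit.
chkconfig_on_in() {
    line=" $1 "
    for lvl in $(printf '%s' "$2" | sed 's/./& /g'); do
        case $line in
            *" $lvl:on "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Constructed sample files in the format of /etc/sysconfig/syslog.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
GOOD_FILE=$TMPD/syslog.good
BAD_FILE=$TMPD/syslog.bad
printf '# Options to syslogd\nSYSLOGD_OPTIONS="-m 0 -r"\n' > "$GOOD_FILE"
printf '# Options to syslogd\nSYSLOGD_OPTIONS="-m -r 0"\n' > "$BAD_FILE"

# Constructed line in the format of the chkconfig --list output quoted above.
CHK_LINE='syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off'

for f in "$GOOD_FILE" "$BAD_FILE"; do
    check_syslogd_options "$(syslogd_options_from_file "$f")" || true
done
if chkconfig_on_in "$CHK_LINE" 2345; then
    echo "syslog already starts in runlevels 2-5; no chkconfig change needed"
fi
```

Run it before "/etc/init.d/syslog restart" to catch the split "-m -r 0" form without watching for the [FAILED] line. Note that "-r" makes syslogd accept UDP port 514 from any host that can reach the server, so the host firewall rule that matters for this setup is one that limits port 514 to the client node, rather than any redirect rule.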
