[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320
  • Last Modified:

unable to syslog from one computer to another

Experts:

I am trying to send log messages from a Linux box named longstreet to another Linux box named venus.  They are on the same subnet. The messages never show up on venus.  I am using a logger command on longstreet such as the following to send the message:

tayloe@longstreet$ logger -p mail.info "This is a test"

I happen to use mail.info, but it could be any facility or severity level.

The relevant line in the /etc/syslog.conf file on longstreet is:

mail.info                        @venus.officenet.sham

The relevant line in the /etc/syslog.conf file on venus is:

mail.info                        /var/log/mail.test

The message never shows up in /var/log/mail.test on venus.  The message does, however, show up on longstreet in the correct file for mail.info messages.  So I know the message is going out.

I started the syslog program on venus with the -r option so I think it is accepting logs from other hosts.  Below is the output from "ps -e | grep 514" on venus, so I think venus is listening on udp 514 which is apparently the correct default port.  

udp        0      0 0.0.0.0:514                 0.0.0.0:*                              
udp        0      0 :::514                      :::*              

I don't think iptables is running on venus.  That might prevent venus from getting log messages from another host.  

I am able to go the other way.  That is, I am able to log messages on longstreet that are sent from venus.  So the computers are able to talk OK.

Can someone tell me what might be wrong?

Thanks,
Tnic
0
tayloenic
Asked:
tayloenic
  • 2
  • 2
2 Solutions
 
freaky_NLCommented:
Just to be sure iptables isn't running you could issue

iptables -L -v -n

anyways you might need to setup the logger to allow logs from external computers. Use syslog-ng myself.
0
 
The--CaptainCommented:
tcpdump on port 514 (both hosts) should point you in the right direction.

Cheers,
-Jon
0
 
tayloenicAuthor Commented:
freaky & captain:
Well, I'm a dumbass.  I kept thinking about a firewall blocking the syslog messages, but I know of only iptables.  I searched for that in the ps -e listing and it wasn't there, so in my mind I removed firewalls as a possible source of the trouble.  But I finally found "security level and firewall" in the fedora administration menu and found that a firewall is running (selinux?) and that was the trouble.  I changed it to allow udp 514 and it's working.  

Thanks to both of you for responding.  I will probably switch to syslog-ng, but I wanted to solve this problem first if for pride if nothing else.  And I will experiment with tcpdump and see if I could have found the problem that way.

Tnic
0
 
The--CaptainCommented:
>but I know of only iptables.  I searched for that in the ps -e listing and it
>wasn't there, so in my mind I removed firewalls as a possible source of the trouble

iptables is simply that - a table of IP related info resident in memory to which the kernel refers when it's dealing with IP traffic.  You will not see a process specifically referring to iptables, because as I said, it's a table of information, not a process.

Your GUI probably just adjusted iptables for you.

iptables-save dumps the information to stdout on my box - YMMV.

Cheers,
-Jon
 
0
 
tayloenicAuthor Commented:
Captain:

You are exactly correct.  iptables-save shows that iptables is running and shows the rule that was added by my GUI to allow udp 514.  I had no idea that iptables would not show up in a process status listing.  

Thanks a lot!!!
Tnic
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now