Solved

unable to syslog from one computer to another

Posted on 2007-04-03
Last Modified: 2011-09-20

I am trying to send log messages from a Linux box named longstreet to another Linux box named venus.  They are on the same subnet. The messages never show up on venus.  I am using a logger command on longstreet such as the following to send the message:

tayloe@longstreet$ logger -p mail.info "This is a test"

I happen to use mail.info, but it could be any facility or severity level.

The relevant line in the /etc/syslog.conf file on longstreet is:

mail.info                        @venus.officenet.sham

The relevant line in the /etc/syslog.conf file on venus is:

mail.info                        /var/log/mail.test

The message never shows up in /var/log/mail.test on venus.  The message does, however, show up on longstreet in the correct file for mail.info messages.  So I know the message is going out.

I started the syslog program on venus with the -r option so I think it is accepting logs from other hosts.  Below is the output from "ps -e | grep 514" on venus, so I think venus is listening on udp 514 which is apparently the correct default port.  

udp        0      0 0.0.0.0:514                 0.0.0.0:*                              
udp        0      0 :::514                      :::*              

I don't think iptables is running on venus.  That might prevent venus from getting log messages from another host.  

I am able to go the other way.  That is, I am able to log messages on longstreet that are sent from venus.  So the computers are able to talk OK.

Can someone tell me what might be wrong?

Thanks,
Tnic
Question by:tayloenic
5 Comments
 
LVL 4

Accepted Solution

by:
freaky_NL earned 125 total points
ID: 18847600
Just to be sure iptables isn't running you could issue

iptables -L -v -n

Anyway, you might need to set up the logger to allow logs from external computers. I use syslog-ng myself.
0
 
LVL 16

Assisted Solution

by:The--Captain
The--Captain earned 125 total points
ID: 18849499
tcpdump on port 514 (both hosts) should point you in the right direction.

Cheers,
-Jon
0
 

Author Comment

by:tayloenic
ID: 18853761
freaky & captain:
Well, I'm a dumbass.  I kept thinking about a firewall blocking the syslog messages, but I know of only iptables.  I searched for that in the ps -e listing and it wasn't there, so in my mind I removed firewalls as a possible source of the trouble.  But I finally found "security level and firewall" in the Fedora administration menu and found that a firewall is running (SELinux?) and that was the trouble.  I changed it to allow udp 514 and it's working.  

Thanks to both of you for responding.  I will probably switch to syslog-ng, but I wanted to solve this problem first, for pride if nothing else.  And I will experiment with tcpdump and see if I could have found the problem that way.

Tnic
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 18853949
>but I know of only iptables.  I searched for that in the ps -e listing and it
>wasn't there, so in my mind I removed firewalls as a possible source of the trouble

iptables is simply that - a table of IP related info resident in memory to which the kernel refers when it's dealing with IP traffic.  You will not see a process specifically referring to iptables, because as I said, it's a table of information, not a process.

Your GUI probably just adjusted iptables for you.

iptables-save dumps the information to stdout on my box - YMMV.

Cheers,
-Jon
 
0
 

Author Comment

by:tayloenic
ID: 18854884
Captain:

You are exactly correct.  iptables-save shows that iptables is running and shows the rule that was added by my GUI to allow udp 514.  I had no idea that iptables would not show up in a process status listing.  

Thanks a lot!!!
Tnic
0
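Added example, not part of any post in this thread: a shell function that reads `iptables-save` output and reports what the filter table does with a new UDP packet to port 514 from another host, which is the check that settled this question. The function names, the sample ruleset and the `allow` rule are constructed for illustration; on a real receiver, run `iptables-save | syslog_udp_verdict` as root.

```shell
# Added example. Reads `iptables-save` text on stdin and prints the verdict for
# a NEW inbound UDP packet to port 514 from another host. Assumption: rules
# limited by -s/-d/-i/--sport, or by a state match without NEW, do not apply.
syslog_udp_verdict() {
  awk '
    function applies(r,   m, c, lo, hi) {
      if (r ~ / -[sdi] / || r ~ / --sport /) return 0          # host/interface specific
      if (r ~ / -p / && r !~ / -p (udp|all) /) return 0        # some other protocol
      if (r ~ / --(ct)?state / && r !~ / --(ct)?state [A-Z,]*NEW/) return 0
      if (match(r, / --dport [0-9:]+/)) {                      # single port or lo:hi range
        m = substr(r, RSTART + 9, RLENGTH - 9); c = index(m, ":")
        lo = hi = m; if (c) { lo = substr(m, 1, c - 1); hi = substr(m, c + 1) }
        if (hi == "") hi = 65535
        if (514 < lo + 0 || 514 > hi + 0) return 0
      }
      return 1
    }
    function walk(chain,   i, r, t, v) {                       # first verdict wins
      for (i = 1; i <= n[chain]; i++) {
        r = rule[chain, i]
        if (!applies(r) || !match(r, / -j [A-Za-z0-9_-]+/)) continue
        t = substr(r, RSTART + 4, RLENGTH - 4)
        if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
        if (t == "RETURN") return ""
        if (t in n) { v = walk(t); if (v != "") return v }     # jump into a user chain
      }
      return ""
    }
    BEGIN { policy["INPUT"] = "ACCEPT" }                       # no ruleset: nothing filtered
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:/   { policy[substr($1, 2)] = $2 }
    table == "filter" && /^-A / { rule[$2, ++n[$2]] = " " $0 " " }
    END { v = walk("INPUT"); if (v == "") v = "policy " policy["INPUT"]; print v }'
}
# Constructed sample (GUI-managed Fedora style); $1 = optional rule placed before REJECT.
sample_rules() {
  printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]' \
    '-A INPUT -j RH-Firewall-1-INPUT' \
    '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' \
    '-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
    ${1:+"$1"} \
    '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}
allow='-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT'
sample_rules | syslog_udp_verdict            # REJECT
sample_rules "$allow" | syslog_udp_verdict   # ACCEPT
```

Because the rules live in the kernel rather than in a process, this kind of check works even when nothing firewall-related appears in `ps -e`.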

Question has a verified solution.
