Solved

unable to syslog from one computer to another

Posted on 2007-04-03
Last Modified: 2011-09-20

I am trying to send log messages from a Linux box named longstreet to another Linux box named venus.  They are on the same subnet. The messages never show up on venus.  I am using a logger command on longstreet such as the following to send the message:

tayloe@longstreet$ logger -p mail.info "This is a test"

I happen to use mail.info, but it could be any facility or severity level.

The relevant line in the /etc/syslog.conf file on longstreet is:

mail.info                        @venus.officenet.sham

The relevant line in the /etc/syslog.conf file on venus is:

mail.info                        /var/log/mail.test

The message never shows up in /var/log/mail.test on venus.  The message does, however, show up on longstreet in the correct file for mail.info messages.  So I know the message is going out.

I started the syslog program on venus with the -r option so I think it is accepting logs from other hosts.  Below is the output from "ps -e | grep 514" on venus, so I think venus is listening on udp 514 which is apparently the correct default port.  

udp        0      0 0.0.0.0:514                 0.0.0.0:*                              
udp        0      0 :::514                      :::*              

I don't think iptables is running on venus.  That might prevent venus from getting log messages from another host.  

I am able to go the other way.  That is, I am able to log messages on longstreet that are sent from venus.  So the computers are able to talk OK.

Can someone tell me what might be wrong?

Thanks,
Tnic
Question by:tayloenic
5 Comments
 
LVL 4

Accepted Solution

by:
freaky_NL earned 500 total points
ID: 18847600
Just to be sure iptables isn't running you could issue

iptables -L -v -n

Anyways, you might need to set up the logger to allow logs from external computers. Use syslog-ng myself.
0
 
LVL 16

Assisted Solution

by:The--Captain
The--Captain earned 500 total points
ID: 18849499
tcpdump on port 514 (both hosts) should point you in the right direction.

Cheers,
-Jon
0
 

Author Comment

by:tayloenic
ID: 18853761
freaky & captain:
Well, I'm a dumbass.  I kept thinking about a firewall blocking the syslog messages, but I know of only iptables.  I searched for that in the ps -e listing and it wasn't there, so in my mind I removed firewalls as a possible source of the trouble.  But I finally found "security level and firewall" in the Fedora administration menu and found that a firewall is running (SELinux?) and that was the trouble.  I changed it to allow udp 514 and it's working.  

Thanks to both of you for responding.  I will probably switch to syslog-ng, but I wanted to solve this problem first, for pride if nothing else.  And I will experiment with tcpdump and see if I could have found the problem that way.

Tnic
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 18853949
>but I know of only iptables.  I searched for that in the ps -e listing and it
>wasn't there, so in my mind I removed firewalls as a possible source of the trouble

iptables is simply that - a table of IP related info resident in memory to which the kernel refers when it's dealing with IP traffic.  You will not see a process specifically referring to iptables, because as I said, it's a table of information, not a process.

Your GUI probably just adjusted iptables for you.

iptables-save dumps the information to stdout on my box - YMMV.

Cheers,
-Jon
 
0
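Added example (not part of the original thread, and not any poster's code): the comment above notes that the firewall rules live in kernel tables, so a process listing cannot show them while iptables-save can. The script below reads iptables-save text and reports what happens to a new inbound UDP datagram to port 514. The FW-INPUT chain name and both rule sets are constructed samples, and the rule matching is a deliberate simplification described in the comments.

```shell
#!/bin/sh
# Added example. Reads iptables-save text on stdin and prints the verdict
# (ACCEPT, DROP or REJECT) for a new inbound UDP packet to port $1 (default 514).
# Assumption: only "-p udp --dport N" rules and unconditional "-j" rules are
# treated as matching; rules with other conditions (-i, -s, state) are skipped.
syslog_udp_verdict() {
    awk -v port="${1:-514}" '
    /^:/   { policy[substr($1, 2)] = $2; next }      # chain policy line
    /^-A / { rule[$2, ++n[$2]] = $0; next }          # keep rules per chain, in order
    function walk(chain, depth,    i, k, nf, f, proto, dport, tgt, v) {
        if (depth > 8) return ""                      # guard against jump loops
        for (i = 1; i <= n[chain]; i++) {
            nf = split(rule[chain, i], f, " ")
            proto = dport = tgt = ""
            for (k = 3; k < nf; k++) {
                if (f[k] == "-p")      proto = f[k + 1]
                if (f[k] == "--dport") dport = f[k + 1]
                if (f[k] == "-j")      tgt   = f[k + 1]
            }
            if (!(f[3] == "-j" || (proto == "udp" && (dport "") == (port "")))) continue
            if (tgt ~ /^(ACCEPT|DROP|REJECT)$/) return tgt
            if (tgt in n) { v = walk(tgt, depth + 1); if (v != "") return v }
        }
        return ""                                     # fell off the end of the chain
    }
    END { v = walk("INPUT", 0); print (v != "" ? v : policy["INPUT"]) }
    '
}

# Constructed sample in iptables-save format; $1 is an optional extra rule
# placed before the final catch-all REJECT. FW-INPUT is a hypothetical chain.
ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$1
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

ALLOW_514='-A FW-INPUT -p udp -m udp --dport 514 -j ACCEPT'
echo "without a 514 rule: $(ruleset '' | syslog_udp_verdict 514)"
echo "with a 514 rule:    $(ruleset "$ALLOW_514" | syslog_udp_verdict 514)"
```

On a live host the same function can be fed real data with `iptables-save | syslog_udp_verdict 514` (root is required to read the tables).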
 

Author Comment

by:tayloenic
ID: 18854884
Captain:

You are exactly correct.  iptables-save shows that iptables is running and shows the rule that was added by my GUI to allow udp 514.  I had no idea that iptables would not show up in a process status listing.  

Thanks a lot!!!
Tnic
0
