Solved

unable to syslog from one computer to another

Posted on 2007-04-03
Last Modified: 2011-09-20

I am trying to send log messages from a Linux box named longstreet to another Linux box named venus.  They are on the same subnet. The messages never show up on venus.  I am using a logger command on longstreet such as the following to send the message:

tayloe@longstreet$ logger -p mail.info "This is a test"

I happen to use mail.info, but it could be any facility or severity level.

The relevant line in the /etc/syslog.conf file on longstreet is:

mail.info                        @venus.officenet.sham

The relevant line in the /etc/syslog.conf file on venus is:

mail.info                        /var/log/mail.test

The message never shows up in /var/log/mail.test on venus.  The message does, however, show up on longstreet in the correct file for mail.info messages.  So I know the message is going out.

I started the syslog program on venus with the -r option so I think it is accepting logs from other hosts.  Below is the output from "ps -e | grep 514" on venus, so I think venus is listening on udp 514 which is apparently the correct default port.  

udp        0      0 0.0.0.0:514                 0.0.0.0:*                              
udp        0      0 :::514                      :::*              

I don't think iptables is running on venus.  That might prevent venus from getting log messages from another host.  

I am able to go the other way.  That is, I am able to log messages on longstreet that are sent from venus.  So the computers are able to talk OK.

Can someone tell me what might be wrong?

Thanks,
Tnic
0
Question by:tayloenic
 
LVL 4

Accepted Solution

by:
freaky_NL earned 125 total points
ID: 18847600
Just to be sure iptables isn't running you could issue

iptables -L -v -n

Anyway, you might need to set up the logger to allow logs from external computers. I use syslog-ng myself.
0
 
LVL 16

Assisted Solution

by:The--Captain
The--Captain earned 125 total points
ID: 18849499
tcpdump on port 514 (both hosts) should point you in the right direction.

Cheers,
-Jon
0
 

Author Comment

by:tayloenic
ID: 18853761
freaky & captain:
Well, I'm a dumbass.  I kept thinking about a firewall blocking the syslog messages, but I know of only iptables.  I searched for that in the ps -e listing and it wasn't there, so in my mind I removed firewalls as a possible source of the trouble.  But I finally found "security level and firewall" in the Fedora administration menu and found that a firewall is running (SELinux?) and that was the trouble.  I changed it to allow udp 514 and it's working.

Thanks to both of you for responding.  I will probably switch to syslog-ng, but I wanted to solve this problem first, for pride if nothing else.  And I will experiment with tcpdump and see if I could have found the problem that way.

Tnic
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 18853949
>but I know of only iptables.  I searched for that in the ps -e listing and it
>wasn't there, so in my mind I removed firewalls as a possible source of the trouble

iptables is simply that - a table of IP related info resident in memory to which the kernel refers when it's dealing with IP traffic.  You will not see a process specifically referring to iptables, because as I said, it's a table of information, not a process.

Your GUI probably just adjusted iptables for you.

iptables-save dumps the information to stdout on my box - YMMV.

Cheers,
-Jon
 
0
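The check described in the comment above, as an added example that is not part of the original thread: instead of looking for an iptables process, read the ruleset in iptables-save format and find the first rule that decides an unsolicited UDP datagram to port 514. The sample ruleset and the chain name FW-INPUT are constructed for illustration, and the scan assumes the rules can be read as one flat list in file order.

```shell
#!/bin/sh
# Added example. Reads iptables-save output on stdin and prints the target of
# the first rule that decides a new inbound UDP datagram to port 514 (syslog).
# Assumption: filter-table rules are scanned in file order as one flat list
# (fits the layout in sample_rules); rules limited by -i/-s/-d are skipped.
# Live use on the receiving host (as root): iptables-save | udp514_verdict
udp514_verdict() {
    awk '
    /^\*/ { in_filter = ($1 == "*filter"); next }
    !in_filter { next }
    $1 == ":INPUT" { policy = $2; next }      # default policy of INPUT
    $1 == "-A" && verdict == "" {
        hit = 1; target = ""
        for (i = 3; i < NF; i++) {
            v = $(i + 1)
            if ($i == "-p" && v != "udp" && v != "all") hit = 0
            if ($i == "--dport" && v != "514") hit = 0
            if ($i == "--state" && v !~ /NEW/) hit = 0
            if ($i == "-i" || $i == "-s" || $i == "-d") hit = 0
            if ($i == "-j") target = v
        }
        # Jumps to user-defined chains are not terminal; keep scanning.
        if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
    }
    END {
        if (verdict == "") verdict = "POLICY:" policy
        print verdict
    }'
}

# Constructed sample ruleset (not from the thread); FW-INPUT is a made-up
# chain name. $1, if given, is an extra rule placed ahead of the final REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FW-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
EOF
    if [ -n "${1:-}" ]; then printf '%s\n' "$1"; fi
    printf '%s\n' '-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited' COMMIT
}

ALLOW_SYSLOG='-A FW-INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT'
echo "before the change: $(sample_rules | udp514_verdict)"
echo "after the change:  $(sample_rules "$ALLOW_SYSLOG" | udp514_verdict)"
```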
 

Author Comment

by:tayloenic
ID: 18854884
Captain:

You are exactly correct.  iptables-save shows that iptables is running and shows the rule that was added by my GUI to allow udp 514.  I had no idea that iptables would not show up in a process status listing.  

Thanks a lot!!!
Tnic
0
