router -> rsyslogd server
brent timothy saner
brent.saner at gmail.com
Tue Dec 15 22:24:36 UTC 2009
On 12/15/09 16:03, Mike.lifeguard wrote:
> Hello,
>
> I have a router which can send to a syslog server, so I have tried to
> set that up. I've set the server IP on the router, and set an iptables
> rule to accept the packets:
(SNIP)
> However no messages are making it into the file. My two ideas are
> 1) my iptables rule is wrong; and/or
> 2) even though /etc/default/syslogd has SYSLOGD="-r" it isn't actually
> using that option:
> root@binnie:~# ps aux | grep rsyslogd
> syslog 650 0.0 0.0 34324 1332 ? Sl 17:24 0:00 rsyslogd -c4
>
i've used syslog-ng for quite a while, so i'm a bit unfamiliar with
rsyslog, etc.

however, i feel that a tcpdump showing UDP packets on "binnie"
originating from the router may help you determine if it's a firewall
issue or not. that'll at least tell you if it's even coming through or not.

the following will create a pcap file (which if you prefer can be opened
in wireshark as well, for others on the list, if your cli-fu is a bit
weak):

    sudo tcpdump -s 0 -w rsyslog.pcap -n src ROUTER and udp dst port 514

(where ROUTER is the router's IP)

will write to a file called rsyslog.pcap in your current directory. i'd
let that run for an arbitrary amount of time- i'd say a good 3-5
minutes, to make sure we get a sizeable capture. i don't know how you
have the syslog configured so i can't get you a good idea on any other
fine-tunings you can make.

i'd also run:

    sudo netstat -tunlp|grep syslog

to make sure that syslog is, in fact, running and listening for connections.

let me know if this helps.
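
Added example, not part of the original message: a small sh script that combines the two checks from the reply (packet count from the capture, listener list from netstat) into one verdict. The function names, verdict keywords and sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Live inputs would come from:
#   count=$(( $(tcpdump -n -r rsyslog.pcap 2>/dev/null | wc -l) ))
#   listeners=$(sudo netstat -tunlp)

# Succeeds if stdin (netstat -tunlp output) shows a process whose name
# contains "syslog" bound to UDP port 514 (IPv4 or IPv6).
has_udp514_listener() {
    awk '$1 ~ /^udp/ && $4 ~ /:514$/ && $NF ~ /syslog/ { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# triage COUNT NETSTAT_TEXT: prints one verdict keyword (hypothetical names).
triage() {
    if printf '%s\n' "$2" | has_udp514_listener; then l=yes; else l=no; fi
    case "$1:$l" in
        # Empty capture: the router is not sending to this host, or the
        # packets are dropped before they reach this interface.
        0:*)  echo "nothing-arrives" ;;
        # Packets reach the host, but no syslog daemon is bound to UDP 514.
        *:no) echo "no-listener" ;;
        # Packets reach the host and a daemon listens. tcpdump taps inbound
        # packets before iptables filters them, so the local INPUT rule and
        # the daemon's own file rules are what remain to be checked.
        *)    echo "arrives-and-listening" ;;
    esac
}

# Constructed sample: syslog daemon listening on TCP 514 only (no UDP socket).
NETSTAT_TCP_ONLY='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   512/sshd
tcp        0      0 0.0.0.0:514       0.0.0.0:*         LISTEN   650/rsyslogd'

# Constructed sample: syslog daemon bound to UDP 514.
NETSTAT_UDP='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
udp        0      0 0.0.0.0:514       0.0.0.0:*                  650/rsyslogd'

triage 0  "$NETSTAT_UDP"        # nothing-arrives
triage 42 "$NETSTAT_TCP_ONLY"   # no-listener
triage 42 "$NETSTAT_UDP"        # arrives-and-listening
```

Without root, netstat prints "-" in the program column, so the listener check needs the sudo form used in the message.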
More information about the ubuntu-server
mailing list