[opensuse] Cant get syslog server my w/station to accept 514 connections for remote logging.
Hi List I have been trying to get my OpenSuSE 10.2 Retail Client to accept remote logs from mail server. I have configured the mail servers and amended the iptables rules to suit. I run netstat -a | egrep syslog and I get the following below on the mail server :: [chuck@mail1-server logalizer]# netstat -a | egrep syslog udp 0 0 *:syslog I have looked at /etc/sysconfig/syslog and I cant get this to work with SYSLOGD_PARAMS="-r -s mydomain.com" No go with /etc/syslog-ng/syslog-ng.conf either. # # include internal syslog-ng messages # note: the internal() soure is required! # internal(); # # the following line will be replaced by the # socket list generated by SuSEconfig using # variables from /etc/sysconfig/syslog: # unix-dgram("/dev/log"); # # uncomment to process log messages from network: # #udp(ip("0.0.0.0") port(514)); udp(ip("192.168.0.**") port(514)); }; Any ideas Cheers -- Chuck Amadi ROK Corporation Limited Ty ROK, Dyffryn Business Park, Llantwit Major Road, Llandow, Vale Of Glamorgan. CF71 7PY Tel: 01446 795 839 Fax: 01446 794 994 International Tel: +44 1446 795 839 email: chuck.amadi@rokcorp.com This email is confidential to the addressee only. If you do not believe that you are the intended recipient, do not pass it on or copy it in any way. Please delete it immediately. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2007-03-29 at 15:59 +0100, Chuck Amadi wrote:
I have been trying to get my OpenSuSE 10.2 Retail Client to accept remote logs from mail server.
Piece of cake. :-p
Any ideas
Add this to the default config of /etc/syslog-ng/syslog-ng.conf source ext { udp(ip("0.0.0.0") port(514)); }; below the source src {...} def. Then: filter f_router { host("router"); }; destination router { file("/var/log/router"); }; log { source(ext); filter(f_router); destination(router); }; All my external log sources are thus separated. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGC9jOtTMYHG2NR9URAkbyAJ9H6/3AwsjzovcsXyPlDWYpRUnwDwCfcM7f gatmIAnzXBN//xve7LJRdEs= =T2su -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Thursday 2007-03-29 at 15:59 +0100, Chuck Amadi wrote:
I have been trying to get my OpenSuSE 10.2 Retail Client to accept remote logs from mail server.
Piece of cake. :-p
Any ideas
Add this to the default config of /etc/syslog-ng/syslog-ng.conf
source ext { udp(ip("0.0.0.0") port(514)); };
below the source src {...} def. Then:
filter f_router { host("router"); };
destination router { file("/var/log/router"); }; log { source(ext); filter(f_router); destination(router); };
All my external log sources are thus separated.
- -- Cheers, Carlos E. R.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76
iD8DBQFGC9jOtTMYHG2NR9URAkbyAJ9H6/3AwsjzovcsXyPlDWYpRUnwDwCfcM7f gatmIAnzXBN//xve7LJRdEs= =T2su -----END PGP SIGNATURE-----
Hi Carols I hope So gave up on for a day or So to gather my thoughts. I will look at your snippet and have a crack after I make a backup. Cheers Chuck -- Chuck Amadi ROK Corporation Limited Ty ROK, Dyffryn Business Park, Llantwit Major Road, Llandow, Vale Of Glamorgan. CF71 7PY Tel: 01446 795 839 Fax: 01446 794 994 International Tel: +44 1446 795 839 email: chuck.amadi@rokcorp.com This email is confidential to the addressee only. If you do not believe that you are the intended recipient, do not pass it on or copy it in any way. Please delete it immediately. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Thursday 2007-03-29 at 15:59 +0100, Chuck Amadi wrote:
I have been trying to get my OpenSuSE 10.2 Retail Client to accept remote logs from mail server.
Piece of cake. :-p
Any ideas
Add this to the default config of /etc/syslog-ng/syslog-ng.conf
source ext { udp(ip("0.0.0.0") port(514)); };
below the source src {...} def. Then:
filter f_router { host("router"); };
destination router { file("/var/log/router"); }; log { source(ext); filter(f_router); destination(router); };
All my external log sources are thus separated.
- -- Cheers, Carlos E. R.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76
iD8DBQFGC9jOtTMYHG2NR9URAkbyAJ9H6/3AwsjzovcsXyPlDWYpRUnwDwCfcM7f gatmIAnzXBN//xve7LJRdEs= =T2su -----END PGP SIGNATURE-----
Hi Carlos (Greatt List) Excellent added your additions and run netstat command which now works. chuck:/var/log # netstat -a | egrep syslog udp 0 0 *:syslog *:* Next tasks as I see that the syslog client's mail is in my /var/log/mail So any steps me in the right direction to for my external log sources in a separated file as you mentioned. Thus my proof concept is working and I am going "Now" create the setup on one of are dormant web servers which I will install MailGraph for graph reports on are mail server as I am not allowed to add any more load on are postfix mail server. Cheers -- Chuck Amadi ROK Corporation Limited Ty ROK, Dyffryn Business Park, Llantwit Major Road, Llandow, Vale Of Glamorgan. CF71 7PY Tel: 01446 795 839 Fax: 01446 794 994 International Tel: +44 1446 795 839 email: chuck.amadi@rokcorp.com This email is confidential to the addressee only. If you do not believe that you are the intended recipient, do not pass it on or copy it in any way. Please delete it immediately. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2007-03-29 at 17:04 +0100, Chuck Amadi wrote:
Hi Carlos (Greatt List)
Excellent added your additions and run netstat command which now works.
chuck:/var/log # netstat -a | egrep syslog udp 0 0 *:syslog *:*
Good. :-)
Next tasks as I see that the syslog client's mail is in my /var/log/mail So any steps me in the right direction to for my external log sources in a separated file as you mentioned. Thus my proof concept is working and I am going "Now" create the setup on one of are dormant web servers which I will install MailGraph for graph reports on are mail server as I am not allowed to add any more load on are postfix mail server.
The above sets syslog to listen to remote syslog clients, but it is up to them so send long entries: that will depend on them. Right now I don't know how to tell postfix to log externally. When you do receive those, well, it's just a question of filtering to the appropiate places. Perhaps first log everything, like:
destination external_all { file("/var/log/external_all_messages"); }; log { source(ext); destination(external_all); };
Then filter whatever you want; take the local filters as a guide. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGDE1JtTMYHG2NR9URAk4dAKCPYEOJyZBgTykPn0YA/BCzktE4YQCgkbBd gdIeP7Yv/LjZS6p6ILnd4IA= =kcNS -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
Carlos E. R. -
Chuck Amadi