Linux Archive


"Mike.lifeguard" 12-15-2009 09:03 PM

router -> rsyslogd server
 

Hello,

I have a router which can send to a syslog server, so I have tried to
set that up. I've set the server IP on the router, and set an iptables
rule to accept the packets:

# iptables -I INPUT -p udp -i eth0 -s 192.168.0.1 -d 192.168.0.5 --dport 514 -j ACCEPT
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 192.168.0.1 192.168.0.5 udp dpt:syslog
...

I've verified that /etc/default/syslogd has SYSLOGD="-r"

However no messages are making it into the file. My two ideas are
1) my iptables rule is wrong; and/or
2) even though /etc/default/syslogd has SYSLOGD="-r" it isn't actually
using that option:
root@binnie:~# ps aux | grep rsyslogd
syslog 650 0.0 0.0 34324 1332 ? Sl 17:24 0:00 rsyslogd -c4

however looking in man rsyslogd, I don't see an -r option.

Any help figuring this out would be most welcome.

Thanks!
-Mike

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

brent timothy saner 12-15-2009 09:24 PM


On 12/15/09 16:03, Mike.lifeguard wrote:
> Hello,
>
> I have a router which can send to a syslog server, so I have tried to
> set that up. I've set the server IP on the router, and set an iptables
> rule to accept the packets:

(SNIP)

> However no messages are making it into the file. My two ideas are
> 1) my iptables rule is wrong; and/or
> 2) even though /etc/default/syslogd has SYSLOGD="-r" it isn't actually
> using that option:
> root@binnie:~# ps aux | grep rsyslogd
> syslog 650 0.0 0.0 34324 1332 ? Sl 17:24 0:00 rsyslogd -c4
>


i've used syslog-ng for quite a while, so i'm a bit unfamiliar with
rsyslog, etc.

however, i feel that a tcpdump showing UDP packets on "binnie"
originating from the router may help you determine if it's a firewall
issue or not. that'll at least tell you if it's even coming through or not.

the following will create a pcap file (which if you prefer can be opened
in wireshark as well, for others on the list, if your cli-fu is a bit
weak) :

sudo tcpdump -s 0 -w rsyslog.pcap -n src ROUTER and udp dst port 514


(where ROUTER is the router's IP)

will write to a file called rsyslog.pcap in your current directory. i'd
let that run for an arbitrary amount of time- i'd say a good 3-5
minutes, to make sure we get a sizeable capture. i don't know how you
have the syslog configured so i can't get you a good idea on any other
fine-tunings you can make.


i'd also run:

sudo netstat -tunlp|grep syslog

to make sure that syslog is, in fact, running and listening for connections.

let me know if this helps.

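Added example (not part of the original posts): the tcpdump and netstat checks suggested in the reply above, turned into a small triage script that names the layer to inspect next. The netstat and rsyslog.conf samples are constructed, and the `$ModLoad imudp` / `$UDPServerRun 514` lines are rsyslog's legacy UDP-input directives, which the thread itself does not mention.

```shell
#!/bin/sh
# Added example; every sample string below is constructed, not from the thread.

# Print the program bound to UDP/514 in `netstat -tunlp` output read from stdin.
# Exit status is 1 when nothing is bound there.
udp514_listener() {
    awk '$1 ~ /^udp/ && $4 ~ /:514$/ { sub(/^[0-9]+\//, "", $NF); print $NF; found = 1 }
         END { exit !found }'
}

# Succeed when rsyslog.conf text on stdin enables UDP reception on port 514.
# Assumes rsyslog legacy directives; lines commented out with "#" do not count.
rsyslog_udp_enabled() {
    awk '$1 == "$ModLoad" && $2 == "imudp"    { mod = 1 }
         $1 == "$UDPServerRun" && $2 == "514" { run = 1 }
         END { exit !(mod && run) }'
}

# Name the layer to inspect next.
#   $1 = packets in the capture, e.g. from: tcpdump -n -r rsyslog.pcap | wc -l
#   $2 = listener name from udp514_listener, or empty
# tcpdump sees inbound packets before the INPUT chain does, so a non-empty
# capture does not prove the firewall accepted them.
triage() {
    if [ "$1" -eq 0 ]; then echo "sender-or-path"
    elif [ -z "$2" ]; then echo "listener"
    else echo "firewall-or-rsyslog-rules"
    fi
}

NETSTAT_BEFORE='tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN      601/sshd
udp        0      0 0.0.0.0:68        0.0.0.0:*                 588/dhclient3'
NETSTAT_AFTER="$NETSTAT_BEFORE
udp        0      0 0.0.0.0:514       0.0.0.0:*                 650/rsyslogd"
CONF_BEFORE='#$ModLoad imudp
#$UDPServerRun 514'
CONF_AFTER='$ModLoad imudp
$UDPServerRun 514'

for conf in "$CONF_BEFORE" "$CONF_AFTER"; do
    printf '%s\n' "$conf" | rsyslog_udp_enabled && echo "conf: UDP input on" || echo "conf: UDP input off"
done
l=$(printf '%s\n' "$NETSTAT_BEFORE" | udp514_listener) || l=""
echo "before: $(triage 12 "$l")"
l=$(printf '%s\n' "$NETSTAT_AFTER" | udp514_listener) || l=""
echo "after: $(triage 12 "$l")"
```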

"Mike.lifeguard" 12-15-2009 10:16 PM


Jovonnie Chesney wrote:
> Hi,
> Did you restart ipTables? Not sure if it's applicable to Ubuntu
> Servers, though. Just a thought.
>

I didn't before (didn't think it was necessary), but I've done so now,
and I don't see any messages getting through.

Thanks,
-Mike


