[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 514/ucp won't listen for remote syslog



It is the difference between TCP and UDP.  Neither UDP nor RAW
connections have a "state", therefore that column is left blank (see the
man page on netstat).  The system does know that it is listening.  The
-l switch to netstat under Linux just lists the listening ports.

On Fri, 2003-01-10 at 09:22, Dan Fleischer wrote:
> You're right, I do have log entries even without 514/udp showing that it
> is listening.  
> 
> Why doesn't it show that it's listening?
> 
> On Fri, 2003-01-10 at 09:19, Todd J. Davis wrote:
> > Normally with RedHat you set the options for syslog in
> > /etc/sysconfig/syslog.  However, if you added the -r to the
> > /etc/init.d/syslog it will still work.
> > 
> > UDP doesn't show LISTENING in the state column of netstat.  If you issue
> > netstat -uln you will get a list of just listening UDP ports.  Yous
> > should see 514 listed as:
> > udp	0	0 0.0.0.0:514	0.0.0.0:*
> > 
> > That is how the RH7.1 machine that I have here doing network syslogging
> > shows, and everything is working fine.
> > --
> > 
> > On Fri, 2003-01-10 at 08:55, Dan Fleischer wrote:
> > > I'm setting up a syslog server on our LAN for diagnostic reasons.  The
> > > machine I've setup is running RH7.1, stock kernel 2.4.2-2 (the problems
> > > I'm listing below were repeated on a different box running RH7.3)  
> > > syslogd is running with the '-r' option in '/etc/init.d/syslog' so that
> > > it can listen to another machine on the LAN.
> > > 
> > > Restarting the syslog service generates the following messages:
> > > Shutting down kernel logger:                               [  OK  ]
> > > Shutting down system logger:                               [  OK  ]
> > > Starting system logger:                                    [  OK  ]
> > > Starting kernel logger:                                    [  OK  ]
> > > 
> > > Then I run 'netstat -an' and get:
> > > Active Internet connections (servers and established)
> > > Proto Recv-Q Send-Q Local Address           Foreign Address        
> > > State
> > > tcp        0      0 0.0.0.0:1024            0.0.0.0:*              
> > > LISTEN
> > > tcp        0      0 0.0.0.0:515             0.0.0.0:*              
> > > LISTEN
> > > tcp        0      0 0.0.0.0:111             0.0.0.0:*              
> > > LISTEN
> > > tcp        0      0 0.0.0.0:22              0.0.0.0:*              
> > > LISTEN
> > > tcp        0      0 192.168.1.114:22        192.168.1.83:37072     
> > > ESTABLISHED
> > > udp        0      0 0.0.0.0:1024            0.0.0.0:*
> > > udp        0      0 0.0.0.0:514             0.0.0.0:*
> > > udp        0      0 0.0.0.0:602             0.0.0.0:*
> > > udp        0      0 0.0.0.0:111             0.0.0.0:*
> > > 
> > > which shows that 514/udp is not listening.  Nmap confirms this.
> > > 
> > > Here's the default /etc/syslog.conf file:
> > > 
> > > # Log all kernel messages to the console.
> > > # Logging much else clutters up the screen.
> > > #kern.*                                                 /dev/console
> > > 
> > > # Log anything (except mail) of level info or higher.
> > > # Don't log private authentication messages!
> > > *.info;mail.none;authpriv.none;cron.none               
> > > /var/log/messages
> > > 
> > > # The authpriv file has restricted access.
> > > authpriv.*                                              /var/log/secure
> > > 
> > > # Log all the mail messages in one place.
> > > mail.*                                                  /var/log/maillog
> > > 
> > > 
> > > # Log cron stuff
> > > cron.*                                                  /var/log/cron
> > > 
> > > # Everybody gets emergency messages, plus log them on another
> > > # machine.
> > > *.emerg                                                 *
> > > 
> > > # Save mail and news errors of level err and higher in a
> > > # special file.
> > > uucp,news.crit                                          /var/log/spooler
> > > 
> > > # Save boot messages also to boot.log
> > > local7.*
> > > 
> > > What am I missing?  How can I get 514/udp to listen?
> > > 
> > > -- 
> > > Dan Fleischer
> > > Systems Administrator
> > > Bank & Trust Co.
> > > 401 N. Madison St.
> > > Litchfield, IL 62056
> > > 
> > > Ph. 217-324-3935
> > > http://www.bank-and-trust.com
> > > 
> > > 
> > > -
> > > To unsubscribe, send email to majordomo@luci.org with
> > > "unsubscribe luci-discuss" in the body.
> > -- 
> > Todd Davis (tdavis@msfw.com)
> > Red Hat Certified Engineer (RHCE #807101281603181)
> > 
> > 
> > -
> > To unsubscribe, send email to majordomo@luci.org with
> > "unsubscribe luci-discuss" in the body.
> > 
> -- 
> Dan Fleischer
> Systems Administrator
> Bank & Trust Co.
> 401 N. Madison St.
> Litchfield, IL 62056
> 
> Ph. 217-324-3935
> http://www.bank-and-trust.com
> 
> 
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
-- 
Todd Davis (tdavis@msfw.com)
Red Hat Certified Engineer (RHCE #807101281603181)


-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.