[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Syslog-sec] RE: [logs] SYSLOG "forwarding"

To: "Jay D. Dyson" <jdyson@treachery.net>
Subject: [Syslog-sec] RE: [logs] SYSLOG "forwarding"
From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
Date: Mon, 31 Jan 2005 09:39:44 +0100
Cc: syslog-sec@employees.org
Delivered-to: archive-syslog-sec@lists.adiscon.com
Delivered-to: syslog-sec@employees.org
List-archive: <http://www.employees.org/pipermail/syslog-sec>
List-help: <mailto:syslog-sec-request@www.employees.org?subject=help>
List-id: "Mailing list for the syslog Working Group in the IETF." <syslog-sec.www.employees.org>
List-post: <mailto:syslog-sec@www.employees.org>
List-subscribe: <http://www.employees.org/mailman/listinfo/syslog-sec>, <mailto:syslog-sec-request@www.employees.org?subject=subscribe>
List-unsubscribe: <http://www.employees.org/mailman/listinfo/syslog-sec>, <mailto:syslog-sec-request@www.employees.org?subject=unsubscribe>
Sender: syslog-sec-bounces@www.employees.org
Thread-index: AcUFmsBCkXzV42hVTRmTSv1GouxhSwB1X6jg
Thread-topic: [logs] SYSLOG "forwarding"

Which exakt version of syslogd is it? Stock sysklogd 1.4.1 does NOT
forward to a remote host if it was received from a remote host! (a patch
is easy, but I am currently not able to go to the office). 

Rainer

> -----Original Message-----
> From: 
> loganalysis-bounces+rgerhards=hq.adiscon.com@lists.shmoo.com 
> [mailto:loganalysis-bounces+rgerhards=hq.adiscon.com@lists.shm
> oo.com] On Behalf Of Jay D. Dyson
> Sent: Friday, January 28, 2005 9:37 PM
> To: Log Analysis
> Subject: Re: [logs] SYSLOG "forwarding"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Fri, 28 Jan 2005, R. Benjamin Kessler wrote:
> 
> > I have a server with stock (linux) syslog running on it 
> that collects 
> > logs from network devices.  In addition to storing them 
> locally, I'd 
> > also like to forward or "relay" these messages to another 
> destination 
> > and I'm having some problems.
> >
> > I've added the following line to the syslog.conf file:
> >
> > local7.*	@10.192.4.28
> >
> > And bounced the process but that doesn't seem to have had 
> any impact.
> >
> > Any clues as to what I'm doing wrong here?
> 
>  	The line from your syslog.conf seems logical, so we need to 
> explore other possible complications.
> 
>  	Is the syslogd service at 10.192.4.28 listening on 514/UDP? 
> Also, what -- if any -- services are typically sending log 
> output at the 
> local7 level?  Moreover, is the system you're trying this on 
> also sitting 
> on an RFC1918 non-routable address LAN using 10/8?
> 
>  	Once we have answers on those questions, we can proceed in 
> narrowing down where the major malfunction is.
> 
> - -Jay
> 
>     (    (                                                    
>     _______
>     ))   ))   .-"There's always time for a good cup of 
> coffee"-.   >====<--.
>   C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@treachery.net 
> -----<) |    = |-'
>    `--' `--'  `--------------- Nil sine Domini. 
> ---------------'  `------'
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (TreacherOS)
> Comment: See http://www.treachery.net/~jdyson/ for current keys.
> 
> iD8DBQFB+qKBBYoRACwSF0cRAnG2AJ4mH+tRfVwelFqbj1Q422D0T6GieACfR9h7
> RqRBWTyy9Z6m+Em6HOw6R7M=
> =J7cK
> -----END PGP SIGNATURE-----
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/loganalysis
> 
_______________________________________________
Syslog-sec mailing list
Syslog-sec@www.employees.org
http://www.employees.org/mailman/listinfo/syslog-sec

Follow-Ups:
- [Syslog-sec] RE: [logs] SYSLOG "forwarding"
  - From: "Jay D. Dyson" <jdyson@treachery.net>

Prev by Date: [Syslog-sec] Detailed Review Comments on Syslog Protocol -09
Next by Date: [Syslog-sec] Meeting In Minneapolis
Previous by thread: [Syslog-sec] Detailed Review Comments on Syslog Protocol -09
Next by thread: [Syslog-sec] RE: [logs] SYSLOG "forwarding"
Index(es):
- Date
- Thread