Help with syslog

Dan Lund situationalawareness at gmail.com
Sat Jun 23 10:47:27 MST 2007


You could always check out Splunk, though that can be overkill sometimes.


On 6/22/07, Bryan O'Neal <BONeal at cornerstonehome.com> wrote:
> Getting Closer!
>
> I am finding I am getting a lot of information, so I need new solutions.
> I need a good parser; if none exists I will create one myself using
> Java, which I know is the wrong language but it is also the one I know.
>
>
> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of
> Bryan O'Neal
> Sent: Thursday, June 21, 2007 7:54 PM
> To: Main PLUG discussion list
> Subject: RE: Help with syslog
>
> /etc/sysconfig on mine :)
>
> Thanks Hans!
>
> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of
> der.hans
> Sent: Thursday, June 21, 2007 2:03 AM
> To: Main PLUG discussion list
> Cc: Arizona State University Linux Users Group
> Subject: Re: Help with syslog
>
> On 20 Jun 2007, Bryan O'Neal chatted thus:
>
> Hello Bryan,
>
> > I have a dozen or so devices that shoot me syslog info and, I will
> > admit, up until now I have been using a Windows box as my syslog
> > server.  Now I want to use my Linux box.  I have two NICs in my Linux
> > box and I pointed my devices to the IP of eth0.  I then added local0.*
> > through local6.* to my syslog.conf and pointed them to respective logs.
> > I restarted syslog (service syslog restart) and eagerly awaited
> > information, but none arrived.
>
> Is your syslog server listening for external syslog entries?
>
> # For remote UDP logging use SYSLOGD="-r"
>
> That's in /etc/default/syslogd on my box.
>
> If you've got the -r set, you might want to verify that syslog is
> listening to UDP port 514 on eth0.
>
> After that make sure you don't have any firewall rules preventing
> receiving the packets.
>
> If all of that is good use tcpdump/wireshark/etc. on the client box to
> investigate the packets being sent.
>
> ciao,
>
> der.hans
> --
> #  https://www.LuftHans.com/        http://www.CiscoLearning.org/
> #  "I decry the current tendency to seek patents on algorithms.  There are
> #  better ways to earn a living than to prevent other people from making use
> #  of one's contributions to computer science."  -- Donald E. Knuth
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


-- 
"Courage is like love; it must have hope to nourish it."
-Napoleon Bonaparte
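
Added example (not part of the original thread): a small parser for BSD-style syslog datagrams, such as the payloads captured in the tcpdump step above, that decodes the PRI field into facility and severity and reports facilities not covered by the local0 through local6 selectors mentioned in the thread. The sample payloads, host names and function names are constructed for illustration.

```python
import re

# Facility and severity names indexed by numeric code (BSD syslog, RFC 3164).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
# Timestamp/host and tag are optional: many devices send only "<PRI>message".
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) )?"
    r"(?:(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?)?"
    r"(?P<msg>.*)$", re.S)

def parse_datagram(payload: bytes) -> dict:
    """Decode one syslog UDP payload into its fields."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = LINE.match(text)
    if not m or int(m.group("pri")) > 191:   # 191 = local7.debug, the highest PRI
        return {"valid": False, "facility": None, "severity": None, "msg": text}
    pri = int(m.group("pri"))
    rec = m.groupdict()
    # PRI = facility * 8 + severity
    rec.update(valid=True, facility=FACILITIES[pri >> 3], severity=SEVERITIES[pri & 7])
    return rec

def unexpected_facilities(payloads, configured):
    """Facilities seen in the traffic that no configured selector covers."""
    seen = {parse_datagram(p)["facility"] for p in payloads}
    return sorted(f for f in seen if f and f not in configured)

# Constructed sample payloads (not from the thread).
SAMPLES = [
    b"<134>Jun 21 02:03:00 fw01 kernel: DROP IN=eth1",
    b"<189>link down on port 3\n",
    b"<30>Jun 21 02:03:01 ap2 dhcpd[412]: DHCPACK",
    b"no pri here",
]
CONFIGURED = {"local%d" % i for i in range(7)}   # local0 .. local6

if __name__ == "__main__":
    for p in SAMPLES:
        r = parse_datagram(p)
        print(r["facility"], r["severity"], repr(r["msg"]))
    print("not covered by syslog.conf:", unexpected_facilities(SAMPLES, CONFIGURED))
```

A device that logs with a facility outside the configured selectors produces packets that reach the server but never land in the per-facility log files.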

