Help with syslog

Bryan O'Neal BONeal at cornerstonehome.com
Fri Jun 22 19:55:00 MST 2007 

Getting Closer!

I am finding I am getting a lot of information, so I need new solutions.
I need a good parser, if none exists I will create one my self using
Java, which I know is the wrong language but it is also the one I know.


-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of
Bryan O'Neal
Sent: Thursday, June 21, 2007 7:54 PM
To: Main PLUG discussion list
Subject: RE: Help with syslog

/etc/sysconfig on mine :)

Thanks Hans!

-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of
der.hans
Sent: Thursday, June 21, 2007 2:03 AM
To: Main PLUG discussion list
Cc: Arizona State University Linux Users Group
Subject: Re: Help with syslog

Am 20. Jun, 2007 schwtzte Bryan O'Neal so:

moin moin Bryan,

> I have a dozen or so devices that shoot me syslog info and, I will
> admit, up until now I have been using a windows box as my syslog
server.
> Now I want to use my linux box.  I have two nicks in my linux box and
I
> pointed my devices to the IP of eth0.  I then added local0.* through
> local6.* to my syslog.conf and pointed them to respective logs.  I
> restarted syslog (service syslog restart) and eagerly awaited
> information, but none arrived.

Is your syslog server listening for external syslog entries?

# For remote UDP logging use SYSLOGD="-r"

That's in /etc/default/syslogd on my box.

If you've got the -r set, you might want to verify that syslog is
listening to UDP port 514 on eth0.

After that make sure you don't have any firewall rules preventing
receiving the packets.

If all of that is good use tcpdump/wireshark/etc. on the client box to
investigate the packets being sent.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/        http://www.CiscoLearning.org/
#  "I decry the current tendency to seek patents on algorithms.  There
are
#  better ways to earn a living than to prevent other people from making
use
#  of one's contributions to computer science."  -- Donald E. Knuth
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list