"The Linux Gazette...making Linux just a little more fun!"


(?) The Answer Guy (!)


By James T. Dennis, [email protected]
Starshine Technical Services, http://www.starshine.org/


(?) Linux as a Loghost (Syslog Server)

From Ravi Shah on Thu, 25 Feb 1999

Thanks a lot. It works. Do you have any book you are writing specifically for Linux that includes most of the questions that you have been answering for quite a while? I would be very much interested in your book if you have one out or are writing one.

(!) As a matter of fact I am writing a book for Linux system administrators. My co-author is taking over quite a bit of the load (smoothing out the sectional organization and the transitions between core content elements).
I hope to have it done RSN ("real soon now"(TM)). (It should be "Linux Systems Administration" from Macmillan Computer Publishing).
I'm glad that helped. Incidentally, if you try to use the -m option on some of your Linux clients --- to force them to periodically generate "heartbeat" or "timestamp" messages, you should be aware that this feature was broken until fairly recently. (It used to work, years ago, then stopped working in later releases and the author/maintainer assured me that it should be working if you get the latest copy --- I don't have the details handy --- but it shouldn't be too hard to dig up).

(?) Thanks again for your great help. Ravi

(!) [In response to]:

(?)
>Dear Answerguy :


>This has been one of the best support for Linux that is out there that
>I know of by searching for my question about syslog. This is one
>of the better sites I have seen in a long time.

(!) I hope to provide even better support through my new employer: LinuxCare (commercial Linux support).
However, I'll be continuing to volunteer time through LG as well.

(?)
>Here is my question and your help will be greatly appreciated!!


>I am running Redhat 5.0 distribution of Linux on Dell Pentium 166,
>and it works fine with dual boot of NT.


>I would like to use this machine to be a syslog server for Cisco
>routers since we are a major ISP. I have set up the local7 facility to
>log the debug messages, but Linux is not logging any debug
>messages from the Cisco router. I have issued service timestamp
>commands from the Cisco router, and it does not work!! A similar
>setting works fine in Solaris, but not in Linux!! Help.. Thanks.

(!)
NAME
sysklogd - Linux system logging utilities.

SYNOPSIS
syslogd [ -d ] [ -f config file ] [ -h ] [ -l hostlist ] 
        [ -m interval ] [ -n ] [ -p socket ] [ -r ] 
        [ -s  domainlist ] [ -v ]

-r     This  option  will  enable  the facility to receive
       message from the network using an  internet  domain
       socket  with  the syslog service (see services(5)).
       The default is to not receive any messages from the
       network.

       This  option  is  introduced  in version 1.3 of the

Basically the older version of the syslog daemon would accept syslog messages by default --- from any machine that could get the right packets routed to it.
However there was a buffer overflow (bug) a few years ago which brought attention to the fact that very few systems need to act as remote loghosts (and that there is no sense in leaving the rest vulnerable to remote attacks through this service).
So the default was changed and now (with any recent version of syslogd (klogd)) you have to add this parameter to your start script (or inittab entry) to force it to allow reception and logging from other systems.
I still recommend that you put the log host behind a set of packet filters (Cisco IOS "access control lists") to ensure that spurious and hostile log messages can't reach your loghost.
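
[Added example, not part of the original column or of sysklogd: a small shell audit for the two things a loghost needs here, namely that syslogd was really started with -r and that some syslog.conf rule accepts local7 at debug priority. The function names, the sample command line and the sample config lines are assumptions constructed for illustration.]

```sh
#!/bin/sh
# Added example, not from the column. Option letters follow the synopsis
# quoted above; the sample command line and config below are constructed.

# remote_enabled "<syslogd command line>": succeeds only if -r is really set.
# f, l, m, p and s take an argument, so in "-f -r" the "-r" is a file name.
remote_enabled() {
    set -f; set -- $1; set +f          # split into words without globbing
    [ $# -gt 0 ] || return 1
    shift                              # drop the program name
    while [ $# -gt 0 ]; do
        case $1 in
            --) return 1 ;;
            -?*) opts=${1#-}
                 while [ -n "$opts" ]; do
                     c=${opts%"${opts#?}"}; opts=${opts#?}
                     case $c in
                         r) return 0 ;;
                         [flmps]) [ -z "$opts" ] && [ $# -gt 1 ] && shift
                                  opts= ;;
                     esac
                 done ;;
        esac
        shift
    done
    return 1
}

# debug_targets [syslog.conf]: prints the action of each rule that accepts
# local7 at debug priority. A bare priority means "that level and above", so
# only "debug", "=debug" or "*" passes debug. "!" negation is not handled.
debug_targets() {
    awk 'NF < 2 || $1 ~ /^#/ { next }
    {
        n = split($1, sel, ";"); hit = 0
        for (i = 1; i <= n; i++) {
            split(sel[i], fp, ".")
            if (("," fp[1] ",") !~ /,(local7|\*),/) continue
            if (fp[2] == "none") hit = 0
            else if (fp[2] ~ /^=?(debug|\*)$/) hit = 1
        }
        if (hit) print $2
    }' "$@"
}

remote_enabled "syslogd -m 0 -r" && echo "remote reception enabled"
printf '%s\n' '*.info;mail.none /var/log/messages' \
              'local7.debug     /var/log/cisco.log' | debug_targets
```

[On a live host, pass the running daemon's command line to remote_enabled and the path of the real config file to debug_targets.]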


Copyright © 1999, James T. Dennis
Published in The Linux Gazette Issue 38 March 1999

