syslog-forward over internet

Moderator: alorbach

Postby madmax » Thu Sep 30, 2004 8:54 am

Hi all,

I have one question:
A friend will send his syslog messages (from his router) over the Internet to my Red Hat server, but I didn't see any request on my firewall.

So the question:
Is it possible to send these syslog messages over the Internet (not into the private network)?

Are there any hints for this architecture?

The Red Hat server is listening on UDP/514. Is this correct, or have I forgotten something?

thx for help
madmax
madmax
 

Postby rgerhards » Thu Sep 30, 2004 9:16 am

Hi,

syslog is just a "normal" TCP application, so you can use the Internet or Intranet as you like. You just must be aware that a third party can intercept the syslog messages. As they are plain text, this may reveal information you would not really like an outsider to see. Also, UDP is a lossy transport, so not all packets may arrive at your server (if the Internet is very busy). But besides this, using syslog over the Internet is possible and I know of at least some who have done so successfully.

I guess that the fact that you do not see anything on the Red Hat box is a config issue. The syslogd must be instructed to accept remote messages. By default, it logs only local messages. AFAIK, you need to specify the "-r" option with syslogd. If in doubt, see the syslogd man page.

Hope this helps,
Rainer
rgerhards
Site Admin
 
Posts: 3807
Joined: Thu Feb 13, 2003 11:57 am

Postby madmax » Thu Sep 30, 2004 9:25 am

Hi,

Thanks for the fast answer.
Regarding the syslog config: I am using syslog-ng and listening on UDP port 514.

But I think the problem is not syslog, I think it's the TCP connection.

When I sniff (tcpdump -i eth0 host xxx.xxx.xxx) I don't see anything from the router, so therefore I thought there is a restriction for syslog forwarding...
madmax
 

Postby rgerhards » Thu Sep 30, 2004 1:44 pm

Hi,

This looks like either the ISP blocks syslog (can happen with ISPs...), or the router itself does not forward to the Internet interface (I personally have yet to see this, but it might exist...).

Rainer
rgerhards
Site Admin
 
Posts: 3807
Joined: Thu Feb 13, 2003 11:57 am
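
To separate "the datagrams never arrive" from "the daemon ignores them", as the thread above tries to do with tcpdump, a small UDP probe pair can be run on both ends. This is an added example, not part of the original posts; the function names, the "probe" tag and the loopback demo are assumptions, and the message uses the BSD-syslog `<PRI>TAG: text` layout.

```python
import socket

def build_message(facility, severity, text, tag="probe"):
    """BSD-syslog style datagram '<PRI>TAG: text'; PRI = facility*8 + severity."""
    return f"<{facility * 8 + severity}>{tag}: {text}".encode("ascii", "replace")

def parse_message(datagram):
    """Return (facility, severity, rest), or None if the PRI part is invalid."""
    text = datagram.decode("ascii", "replace")
    if not text.startswith("<") or ">" not in text[:5]:
        return None
    pri, rest = text[1:].split(">", 1)
    if not pri.isdigit() or int(pri) > 191:
        return None
    return int(pri) // 8, int(pri) % 8, rest

def open_listener(host="127.0.0.1", port=0):
    """Bind a UDP socket; port 0 picks a free port (514 itself needs root)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock

def receive_one(sock, timeout=2.0):
    """Wait for one datagram; return (sender_ip, parsed) or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (sender_ip, _port) = sock.recvfrom(2048)
    except socket.timeout:
        return None
    return sender_ip, parse_message(data)

def send_probe(host, port, text, facility=1, severity=5):
    """Send one datagram (user.notice by default); returns bytes handed to the kernel.
    UDP gives no delivery feedback, so success here proves nothing about arrival."""
    payload = build_message(facility, severity, text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))

if __name__ == "__main__":
    # Constructed loopback demo; in practice run the listener on the server
    # and the sender from the remote site against the server's public address.
    listener = open_listener()
    port = listener.getsockname()[1]
    send_probe("127.0.0.1", port, "constructed test line")
    print(receive_one(listener))
    print(receive_one(listener, timeout=0.5))  # nothing more arrives -> None
    listener.close()
```

If the listener on the server times out while the sender reports success, the datagrams are being dropped somewhere on the path (router, ISP or firewall) rather than by the syslog daemon.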
