In message
<CADjQVp=fydnsqh69sbj7edj0r5fhrgedwophwgkr+qj_rdc...@mail.gmail.com>,
Scott Ehrlich writes:
>I have a test environment consisting of Win 2008 R2 Server and Windows
>XP w/SP3, both running the latest Snare Agent for Windows, along with
>RHEL 5.6 and RHEL 6.2 servers, all within a VM environment.
>
>I am testing Linux as a central logging option. Snare Agent (free
>version) uses UDP, so it is a natural option for standard syslog on
>Linux.
>
>I am tailing /var/log/messages and only see host-only traffic, but
>another terminal window running tcpdump (or tcpdump -X port 514) DOES
>show incoming traffic from the clients.
>[...]
>Or, is there another step I need to learn to capture the data to a file?
Read 'man 8 syslogd', usually you need -r (IIRC) to enable remote
access.
Run sudo netstat -anp and see if anything is listening at *.*:514,
I'll bet there is nothing listening there. After you change the
startup options to restart with -r syslogd should be bound to port
514.
Change the startup options by using a setting in
/etc/sysconfig/syslogd. Read the syslogd startup script in /etc/init.d
to see what variable to set and verify the name of the sysconfig file.
--
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
_______________________________________________
bblisa mailing list
http://www.bblisa.org/mailman/listinfo/bblisa