Jason Antonacci wrote:
>
> I realize this has been answered previously but I cannot figure out where to
> modify my /etc/rc.d/init.d/syslog script to automagically start syslog
> accepting remote connections on linux-mandrake 6.0. Here is the file...
>
> Also, I've done the following...
>
> 1) Make sure syslogd is started w/ remote logging enabled. I just kill the
> syslogd and run 'syslogd -r'. I don't know how to get it to start as such
> automagically, but it has something to do with editing the
> /etc/rc.d/init.d/syslogd to reflect the same type change (can someone
> explicitly . Supposedly this opens a udp port 513, but on my system I think
> it is 514. It can be verified using the 'netstat -na' command.

Edit /etc/rc.d/init.d/syslog and change the line reading:

    daemon syslogd -m 0

to read:

    daemon syslogd -r -m 0

> 2) The hosts file should have an entry for loghost, but I think this might
> be only for Solaris. Example...
> 127.0.0.1 localhost loghost

Edit /etc/hosts and add the "loghost" part to either your localhost line
(the 127.0.0 shown above), or to the "real" ethernet network address. I
doubt that it will matter much either way.

The instruction above PROBABLY only applies to the OTHER host, the one
wanting to spool its syslogs to a remote machine. So, add an entry
with an IP address, real hostname, and the loghost alias to the other
machine.

> 3) The log files must pre-exist. Create them using 'touch <filename>'

    mkdir /var/log/gnatbox
    cd /var/log/gnatbox
    touch filter.log nat.log www.log

> 4) Modify the syslog.conf. Example...
> # Begin administrator modifications...
> # 04231999 Allows GNATBox Firewall to log FILTER events locally
> # (inactive, un-comment to activate, CAUTION this generates lots of data)
> #local1.* /var/log/gnatbox/filter.log
> # 04231999 Allows GNATBox Firewall to log NAT events locally
> # (inactive, un-comment to activate, CAUTION this generates lots of data)
> #local0.* /var/log/gnatbox/nat.log
> # 04231999 Allows GNATBox Firewall to log WWW events locally
> # (active)
> local2.* /var/log/gnatbox/www.log
> # End administrator modifications.

Then uncomment the appropriate lines in /etc/syslog.conf and restart
syslogd with:

    /etc/rc.d/init.d/syslog restart

(alternately, you could just send the HUP signal to syslogd and it
accomplishes the same thing -- killall -HUP syslogd)

You'll also need to make changes to the remote machine to tell it to log
to your Linux machine. Check the syslog.conf manpage for syntax info.

--
Steve Philp
Network Administrator
Advance Packaging Corp.
[EMAIL PROTECTED]
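
The receiving-host steps from the reply above, written as a check script. This is an added example, not part of the original message: the function names and the optional root-prefix argument are hypothetical, and it assumes the sysklogd syslog.conf layout quoted in the thread and syslog's standard UDP port 514.

```shell
#!/bin/sh
# Added example: audit a host set up to receive remote syslog as in the thread.
# All function names are hypothetical helpers, not part of sysklogd.

# True if the init script starts syslogd with -r (remote reception enabled).
init_has_remote_flag() {
    grep -Eq '^[[:space:]]*daemon[[:space:]]+syslogd([[:space:]].*)?[[:space:]]-r([[:space:]]|$)' "$1"
}

# Print file targets of active (uncommented) local0-local7 selectors.
local_log_targets() {
    awk '$0 !~ /^[ \t]*#/ && $1 ~ /^local[0-7]\./ && $2 ~ /^-?\// {
        sub(/^-/, "", $2); print $2 }' "$1"
}

# Print each target that does not exist yet. $2 is an optional root prefix
# (assumption, used only so the check can run against a copy of the tree).
missing_log_files() {
    local_log_targets "$1" | while read -r f; do
        [ -f "${2:-}$f" ] || echo "$f"
    done
}

# Read `netstat -na` output on stdin; true if a UDP socket is bound to 514.
udp_514_open() {
    awk '$1 ~ /^udp/ && $4 ~ /[:.]514$/ { found = 1 } END { exit !found }'
}

# Run all three checks. $1 = init script, $2 = syslog.conf.
audit_receiver() {
    rc=0
    init_has_remote_flag "$1" || { echo "no -r on the syslogd line in $1"; rc=1; }
    netstat -na 2>/dev/null | udp_514_open || { echo "nothing bound to UDP 514"; rc=1; }
    for f in $(missing_log_files "$2"); do
        echo "missing log file: $f"; rc=1
    done
    return "$rc"
}

# Example: sh check.sh /etc/rc.d/init.d/syslog /etc/syslog.conf
if [ "$#" -ge 2 ]; then
    audit_receiver "$1" "$2"
fi
```

Because syslogd -r accepts unauthenticated UDP datagrams from any sender, limit port 514 to the logging device's address with the host's packet filter.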