Hi,

     At last I was successful with syslog-ng. I tried a lot with msyslog but 
was not successful with it.

     I want to use SNMP version 3, as the SNMP information is transferred in 
plain text. So can somebody tell me what changes I have to make in the router 
and in the snmptrapd.conf files?

 Thanks for all the help.

Regards,

Balu.

"nbkr"<[EMAIL PROTECTED]> wrote:
Hi Javier,

     How are you? Sorry, I was on a long leave and I was busy with some other 
projects.

    In continuation of the syslog problem: due to some problem in the Linux OS 
I had to reinstall it freshly.

    This time I have installed Fedora Core 2 and JFFNMS-0.7.9 with snmptrap. 
This time I was successful with snmptrap.

   But I am still facing the same problem with msyslog. As you told me, I 
checked for any other process running on port 514 and also my firewall 
settings. I did not find any problem. (In fact I have installed Fedora Core 2 
without a firewall.)

Here are the processes running:
[EMAIL PROTECTED] balu]# ps -A
  PID TTY          TIME CMD
    1 ?        00:00:07 init
    2 ?        00:00:00 ksoftirqd/0
    3 ?        00:00:00 events/0
    4 ?        00:00:00 kblockd/0
    6 ?        00:00:00 khelper
    5 ?        00:00:00 khubd
   10 ?        00:00:00 aio/0
    9 ?        00:00:02 kswapd0
  109 ?        00:00:00 kseriod
  150 ?        00:00:00 scsi_eh_0
  155 ?        00:00:00 scsi_eh_1
  164 ?        00:00:30 kjournald
  865 ?        00:00:00 kjournald
 1312 ?        00:00:00 portmap
 1376 ?        00:00:00 acpid
 1389 ?        00:00:00 cupsd
 1577 ?        00:00:00 sshd
 1592 ?        00:00:00 xinetd
 1602 ?        00:00:00 vsftpd
 1641 ?        00:00:00 gpm
 1652 ?        00:00:00 crond
 1674 ?        00:00:00 xfs
 1693 ?        00:00:00 atd
 1712 ?        00:00:00 dbus-daemon-1
 1725 ?        00:00:00 mdadm
 1755 tty1     00:00:00 mingetty
 1761 tty2     00:00:00 mingetty
 1767 tty3     00:00:00 mingetty
 1772 tty4     00:00:00 mingetty
 1778 tty5     00:00:00 mingetty
 1855 tty6     00:00:00 mingetty
 1861 ?        00:00:00 gdm-binary
 1974 ?        00:00:00 gdm-binary
 1985 ?        00:11:06 X
 2097 ?        00:00:00 bonobo-activati
 2387 ?        00:00:11 gdmgreeter
 2473 ?        00:00:00 mysqld_safe
 2499 ?        00:00:13 mysqld
 8258 ?        00:00:00 httpd
 8259 ?        00:01:11 httpd
 8260 ?        00:01:23 httpd
 8261 ?        00:01:05 httpd
 8262 ?        00:01:06 httpd
 8263 ?        00:01:23 httpd
 8269 ?        00:01:33 httpd
 8271 ?        00:01:22 httpd
 8272 ?        00:01:24 httpd
31707 ?        00:00:00 sendmail
31716 ?        00:00:00 sendmail
21422 ?        00:00:03 pdflush
21946 ?        00:00:11 pdflush
18816 ?        00:00:00 in.telnetd
18817 ?        00:00:00 login
18827 pts/13   00:00:00 bash
18857 pts/13   00:00:00 su
18883 pts/13   00:00:00 bash
21140 ?        00:00:05 snmptrapd
 3652 ?        00:00:00 syslogd
 8600 ?        00:00:00 php
 8610 ?        00:00:00 php
 9232 ?        00:00:00 crond
 9233 ?        00:00:00 bash
 9234 ?        00:00:00 php
 9340 ?        00:00:00 sh
 9341 pts/13   00:00:00 ps

[EMAIL PROTECTED] balu]# netstat -putan | grep syslogd
udp        0      0 0.0.0.0:514             0.0.0.0:*                           3652/syslogd

I am receiving the syslog as seen below 

[EMAIL PROTECTED] balu]# /usr/sbin/tcpdump -n port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
00:38:59.053497 IP 172.25.11.27.52355 > 172.25.12.103.syslog: UDP, length 123
00:39:02.053823 IP 172.25.11.27.52355 > 172.25.12.103.syslog: UDP, length 121
00:39:05.053877 IP 172.25.11.27.52355 > 172.25.12.103.syslog: UDP, length 123
 
3 packets captured
3 packets received by filter
0 packets dropped by kernel

And this is getting logged in the /var/log/cisco.log file, but not in the 
syslog table in the jffnms database.

mysql> select * from syslog;
Empty set (0.00 sec)

[EMAIL PROTECTED] balu]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
 
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
 
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
 
# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog
 
 
# Log cron stuff
cron.*                                                  /var/log/cron
 
# Everybody gets emergency messages
*.emerg                                                 *
 
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
 
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
 
local6.*                                                /var/log/cisco.log
local6.*                %mysql -s localhost -u jffnms -p jffnms -D jffnms -t syslog

I am not able to figure out where I have gone wrong. Can you help me out in 
solving this problem?

And also I have a doubt. Do we require an RW SNMP community for RTT and packet 
loss graphs for each serial interface of routers?

 I am not getting any graph for IP accounting.

 Right now I am using only an RO SNMP community.

 Please suggest.

Regards,

nbkr.

   
   

"Javier Szyszlican"<[EMAIL PROTECTED]> wrote:
First, I apologize to the list for letting this 1MB email pass.

Second, as you see in the strace output, this process didn't do anything.

So, one or two things: you have 2 syslog daemons, or a process running on port 
514, or you have a firewall on the box discarding this traffic.

Javier

nbkr wrote:
> Hi,
> 
>      Javier, here is the tcpdump output.
> 
> [EMAIL PROTECTED] balu]# tcpdump  -n port 514
> tcpdump: listening on eth1
> 16:02:16.827385 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 140
> 16:02:24.271444 172.25.11.42.49165 > 172.25.12.103.syslog:  udp 124
> 16:02:25.276513 172.25.11.42.49165 > 172.25.12.103.syslog:  udp 102
> 16:02:25.347298 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 142
> 16:02:28.736759 172.25.11.42.49165 > 172.25.12.103.syslog:  udp 100
> 16:02:28.737669 172.25.11.42.49165 > 172.25.12.103.syslog:  udp 122
> 16:02:29.125600 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 140
> 16:02:29.126182 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 140
> 16:02:34.377192 172.25.7.100.55803 > 172.25.12.103.syslog:  udp 121
> 16:02:56.086701 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 140
> 16:02:56.087343 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 138
> 16:03:05.492509 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 142
> 16:03:10.505434 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 142
> 16:03:12.757967 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 142
> 16:03:12.758603 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 139
> 16:03:24.712168 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 142
> 16:03:26.352465 172.25.11.2.49465 > 172.25.12.103.syslog:  udp 139
> 
> [EMAIL PROTECTED] balu]# netstat -putan | grep syslogd
> udp        0      0 0.0.0.0:514             0.0.0.0:*                           11955/syslogd
> 
> And also I am attaching the output of the strace command.
> 
> And one more thing: in this machine there are two ethernet ports, eth0 & 
> eth1. I have disabled eth0 and am using eth1.
> 
> Regards,
> 
> nbkr


-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Javier Szyszlican, Project Leader, JFFNMS
[EMAIL PROTECTED]

I hope JFFNMS or I were helpful to you, if you
can, please donate at http://jffnms.org/donate



_______________________________________________
jffnms-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jffnms-users
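
The listener check Javier describes in the thread (two syslog daemons, or another process bound to port 514), as an added example that is not part of the original messages or of JFFNMS. It parses `netstat -putan` output and reports every socket bound to the syslog port; the sample table is constructed, and the syslog-ng row in it is hypothetical.

```python
import re

# Constructed sample in `netstat -putan` format. The syslogd and snmptrapd rows
# mirror the thread; the syslog-ng row is a hypothetical second listener.
SAMPLE_CONFLICT = """\
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      1577/sshd
udp        0      0 0.0.0.0:514         0.0.0.0:*                       3652/syslogd
udp        0      0 172.25.12.103:514   0.0.0.0:*                       4100/syslog-ng
udp        0      0 0.0.0.0:162         0.0.0.0:*                       21140/snmptrapd
"""
# Same table without the hypothetical second listener.
SAMPLE_SINGLE = "".join(
    l for l in SAMPLE_CONFLICT.splitlines(keepends=True) if "syslog-ng" not in l
)

OWNER = re.compile(r"^(\d+)/(.+)$")  # "PID/Program name" column


def port_owners(netstat_text, port=514, proto="udp"):
    """Return [(local_address, pid, program)] for sockets bound to `port`."""
    owners = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(proto):
            continue
        if f[3].rsplit(":", 1)[-1] != str(port):
            continue
        pid = prog = None  # stays None when netstat shows "-" (run without root)
        # The State column is blank for unconnected UDP, so the owner column
        # can be field 6 or 7; take the first tail that looks like PID/name.
        for i in range(5, len(f)):
            m = OWNER.match(" ".join(f[i:]))
            if m:
                pid, prog = int(m.group(1)), m.group(2)
                break
        owners.append((f[3], pid, prog))
    return owners


def verdict(owners):
    """Classify the result: 'unbound', 'single' or 'conflict'."""
    if not owners:
        return "unbound"
    return "single" if len(owners) == 1 else "conflict"


if __name__ == "__main__":
    for name, text in (("single", SAMPLE_SINGLE), ("conflict", SAMPLE_CONFLICT)):
        owners = port_owners(text)
        print(name, verdict(owners), owners)
```

A "conflict" verdict means more than one socket is bound to the log port, so datagrams may be delivered to a process other than the intended collector.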