If you do iptables -L -n, I'll bet that you have a line in there that tells it
to log under some conditions. There is a way to put a tag in the log that would
make them easy to filter.
Without doing something like that, they are rather hard to write rules for that
won't catch other logs as well.
David Lang
On Fri, 6 Sep 2013, Mayur Patil wrote:
Date: Fri, 6 Sep 2013 13:38:59 +0530
From: Mayur Patil <[email protected]>
To: David Lang <[email protected]>
Cc: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] [rsyslog-user] how to Stop logging dhcp messages &
firewall disturbance
Thanks David sir for help.
Now rSyslog restarts quickly.
I followed your procedure.
This time I got the message:
logserver kernel: [12916.877215] init: rsyslog main process (6404)
terminated with status 1
logserver kernel: [12916.877259] init: rsyslog main process ended,
respawning
The restart problem has been solved.
Out of 3, two problems have been solved:
1. DHCP logging has stopped, which was related to cloud.
2. rSyslog now restarts quickly due to the above said procedure.
The only thing remaining is the firewall.
I have added rules and ports for rsyslog and related traffic to the firewall;
even then it blocks all traffic.
When firewall is disabled,
clc euca-cc: instances: 0000 (0000 extant + 0000 pending + 0000 terminated)
Sep 6 12:56:44 clc euca-cc: nodes: 0001 (0000 busy + 0001 idle + 0000
unresponsive)
Sep 6 12:55:44 logserver kernel: [12916.877215] init: rsyslog main process
(6404) terminated with status 1
Sep 6 12:55:44 logserver kernel: [12916.877259] init: rsyslog main process
ended, respawning
Sep 6 12:55:45 logserver kernel: [12917.549858] init: rsyslog main process
(6415) terminated with status 1
Sep 6 12:55:45 logserver kernel: [12917.549905] init: rsyslog main process
ended, respawning
Whenever I make the firewall active,
logserver kernel: [13165.860905] Inbound IN=eth0 OUT=
MAC=b8:ac:6f:46:46:3b:b8:ac:6f:46:51:13:08:00 SRC=172.20.54.212
DST=172.20.54.213 LEN=104 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
SPT=34590 DPT=10514 LEN=84
Sep 6 12:59:53 logserver kernel: [13165.861623] Inbound IN=eth0 OUT=
MAC=b8:ac:6f:46:46:3b:b8:ac:6f:46:51:13:08:00 SRC=172.20.54.212
DST=172.20.54.213 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45302 DF PROTO=TCP
SPT=51400 DPT=10514 WINDOW=14600 RES=0x00 SYN URGP=0
Sep 6 12:59:54 logserver kernel: [13166.861239] Inbound IN=eth0 OUT=
MAC=b8:ac:6f:46:46:3b:b8:ac:6f:46:51:13:08:00 SRC=172.20.54.212
DST=172.20.54.213 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45303 DF PROTO=TCP
SPT=51400 DPT=10514 WINDOW=14600 RES=0x00 SYN URGP=0
I am attaching screenshots of my firewall rules; please have a look:
outbound policy http://oi43.tinypic.com/2hgd9w7.jpg
inbound policy 1 http://oi43.tinypic.com/1zlpq4m.jpg
inbound policy 2 http://oi41.tinypic.com/2ce291f.jpg
Seeking for guidance,
Thanks !
--
Cheers,
Mayur
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
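
The tagging approach described in the reply at the top of this message, as an added example that is not part of the original thread: an iptables LOG rule that stamps a distinctive prefix on each line, and an rsyslog rule that matches only that prefix. The tag "IPT-IN: ", the chain, the rate limit and both file names are assumptions chosen for illustration.

```conf
# Added example; tag, chain, rate limit and file names are assumptions.
#
# 1) Firewall side (run as root). The LOG target takes a prefix of up to
#    29 characters. A distinctive tag ending in ": " is safer to match than
#    a plain word such as "Inbound", which could appear in other messages.
#    LOG only records the packet; place the rule ahead of the rule that
#    accepts or drops the traffic you want recorded.
#
#      iptables -A INPUT -m limit --limit 10/min \
#               -j LOG --log-prefix "IPT-IN: " --log-level 4
#
# 2) rsyslog side, e.g. /etc/rsyslog.d/10-iptables.conf (hypothetical name),
#    loaded before the default rules so this match runs first.
#    In the log lines quoted in this thread the kernel puts a "[uptime]"
#    stamp in front of the prefix, so the filter uses "contains" rather
#    than "startswith". Restricting to the kern facility keeps lines such
#    as "init: rsyslog main process ended" out of the firewall file only
#    because they lack the tag, not because of the facility.

if $syslogfacility-text == 'kern' and $msg contains 'IPT-IN: ' then /var/log/iptables.log

# Stop processing tagged lines so they do not also land in the general logs.
# "stop" is the rsyslog v7+ form; older releases use "& ~" instead.
& stop
```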