-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/15/09 16:03, Mike.lifeguard wrote:
> Hello,
>
> I have a router which can send to a syslog server, so I have tried to
> set that up. I've set the server IP on the router, and set an iptables
> rule to accept the packets:

(SNIP)

> However no messages are making it into the file. My two ideas are
> 1) my iptables rule is wrong; and/or
> 2) even though /etc/default/syslogd has SYSLOGD="-r" it isn't actually
> using that option:
> r...@binnie:~# ps aux | grep rsyslogd
> syslog 650 0.0 0.0 34324 1332 ? Sl 17:24 0:00
> rsyslogd -c4
>

i've used syslog-ng for quite a while, so i'm a bit unfamiliar with
rsyslog, etc. however, i feel that a tcpdump showing UDP packets on
"binnie" originating from the router may help you determine if it's a
firewall issue or not. that'll at least tell you if it's even coming
through or not.

the following will create a pcap file (which if you prefer can be opened
in wireshark as well, for others on the list, if your cli-fu is a bit
weak):

    sudo tcpdump -s 0 -w rsyslog.pcap -n src ROUTER and udp dst port 514

(where ROUTER is the router's IP) will write to a file called
rsyslog.pcap in your current directory. i'd let that run for an
arbitrary amount of time - i'd say a good 3-5 minutes, to make sure we
get a sizeable capture.

i don't know how you have the syslog configured so i can't get you a
good idea on any other fine-tunings you can make.

i'd also run:

    sudo netstat -tunlp|grep syslog

to make sure that syslog is, in fact, running and listening for
connections.

let me know if this helps.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksoDKQACgkQ8u2Zh4MtlQooQgCfTtpoIOeGsUm9k6/eTxgbkiy/
puMAoMp72BO9xDRf1RsbJR8g/r3RoHnm
=eL/t
-----END PGP SIGNATURE-----

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
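As an added example (not part of the original message): a small shell helper that interprets the output of the `netstat -tunlp` check suggested above, telling apart no syslog listener on UDP 514, a loopback-only listener, and one the router can reach. The function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `netstat -tunlp` output for a syslog UDP listener.
# Reads netstat output on stdin and prints one of:
#   none           no syslog process has UDP port 514 open
#   loopback-only  bound to 127.0.0.1 / ::1, so the router cannot reach it
#   remote-ok      bound to a wildcard or other non-loopback address
classify_syslog_listener() {
    awk '
        # UDP rows have no State column, so the program name is the last field.
        $1 ~ /^udp/ && $4 ~ /:514$/ && $NF ~ /syslog/ {
            addr = $4
            sub(/:514$/, "", addr)
            if (addr == "127.0.0.1" || addr == "::1") loopback = 1
            else remote = 1
        }
        END {
            if (remote) print "remote-ok"
            else if (loopback) print "loopback-only"
            else print "none"
        }
    '
}

# Constructed sample outputs (not captured from the poster's machine).
SAMPLE_NONE='Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  812/sshd
udp        0      0 0.0.0.0:68      0.0.0.0:*               701/dhclient3'

SAMPLE_LOOPBACK='udp        0      0 127.0.0.1:514   0.0.0.0:*               650/rsyslogd'

SAMPLE_REMOTE='tcp        0      0 0.0.0.0:514     0.0.0.0:*       LISTEN  650/rsyslogd
udp        0      0 0.0.0.0:514     0.0.0.0:*               650/rsyslogd
udp6       0      0 :::514          :::*                    650/rsyslogd'

# Demo on the constructed samples; prints none, loopback-only, remote-ok.
for sample in "$SAMPLE_NONE" "$SAMPLE_LOOPBACK" "$SAMPLE_REMOTE"; do
    printf '%s\n' "$sample" | classify_syslog_listener
done
# On the log host itself: sudo netstat -tunlp | classify_syslog_listener
```

A result of `none` or `loopback-only` points at the daemon configuration rather than the firewall; `remote-ok` with an empty tcpdump capture points the other way.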
