Syslog 514

Hello,

I need syslog (514/UDP) so that it can receive the information from a router.
With ps I can see that syslogd is started.
The entry in syslog.conf:
syslog -/home/514.log
was unsuccessful.
netstat -na did not show me port 514.

All the "man" pages don't make me any wiser either.

Can someone give me a practical tip?
A Perl script would be fine too.

Thanks, Ralf

… and tomorrow we'll wipe your bottom on request
Hello,

All the "man" pages don't make me any wiser either.

Which sentence exactly are you having trouble with?

 ---=[man (8) syslogd]=---

 _[...]_

**SUPPORT FOR REMOTE LOGGING**
 These modifications provide network support to the syslogd
 facility. Network support means that messages can be
 forwarded from one node running syslogd to another node
 running syslogd where they will be actually logged to a disk
 file.

 To enable this you have to specify the -r option on the
 command line. The default behavior is that syslogd won't
 listen to the network.

 The strategy is to have syslogd listen on a unix domain
 socket for locally generated log messages. This behavior
 will allow syslogd to inter-operate with the syslog found
 in the standard C library. At the same time syslogd
 listens on the standard syslog port for messages forwarded
 from other hosts. To have this work correctly the
 services(5) files (typically found in /etc) must have the
 following entry:

 syslog 514/udp

 If this entry is missing syslogd neither can receive
 remote messages nor send them, because the UDP port can't
 be opened. Instead syslogd will die immediately, blowing
 out an error message.

 To cause messages to be forwarded to another host replace
 the normal file line in the syslog.conf file with the name
 of the host to which the messages is to be sent prepended
 with an @.

 For example, to forward ALL messages to a remote
 host use the following syslog.conf entry:

 # Sample syslogd configuration file to
 # messages to a remote host forward all.
 *.* @hostname

 To forward all kernel messages to a remote host the
 configuration file would be as follows:

 # Sample configuration file to forward all kernel
 # messages to a remote host.
 kern.* @hostname

 If the remote hostname cannot be resolved at startup,
 because the name-server might not be accessible (it may be
 started after syslogd) you don't have to worry. Syslogd
 will retry to resolve the name ten times and then
 complain. Another possibility to avoid this is to place the
 hostname in /etc/hosts.

 With normal syslogds you would get syslog-loops if you
 send out messages that were received from a remote host to
 the same host (or more complicated to a third host that
 sends it back to the first one, and so on). In my domain
 (Infodrom Oldenburg) we accidentally got one and our disks
 filled up with the same single message. :-(

 To avoid this in further times no messages that were
 received from a remote host are sent out to another (or
 the same) remote host anymore. If there are scenarios
 where this doesn't make sense, please drop me (Joey) a
 line.

 If the remote host is located in the same domain as the
 host, syslogd is running on, only the simple hostname will
 be logged instead of the whole fqdn.

 In a local network you may provide a central log server to
 have all the important information kept on one machine.
 If the network consists of different domains you don't
 have to complain about logging fully qualified names
 instead of simple hostnames. You may want to use the
 strip-domain feature -s of this server. You can tell the
 syslogd to strip off several domains other than the one
 the server is located in and only log simple hostnames.

 Using the -l option there's also a possibility to define
 single hosts as local machines. This, too, results in
 logging only their simple hostnames and not the fqdns.

 The UDP socket used to forward messages to remote hosts or
 to receive messages from them is only opened when it is
 needed. In releases prior to 1.3-23 it was opened every
 time but not opened for reading or forwarding
 respectively.


 _[...]_

hi

I need syslog (514/UDP) so that it can receive the information from a
router.

With ps I can see that syslogd is started.
The entry in syslog.conf:
syslog -/home/514.log
was unsuccessful.
netstat -na did not show me port 514.

netstat -atun shows a bit more, I think
(I don't have Linux here right now, otherwise I could check)

What is in the services file? Is port 514 reserved for syslog there?

All the "man" pages don't make me any wiser either.

But it's all in there :-\

Did you make the entries that were given there and then restart the service? Or did you only do a reload?

Regards, Hexerl

Another practical solution
Hello,

here is a mini Perl script for everyone who needs something similar: 514.pl

```perl
#!/usr/bin/perl -w
use strict;
use IO::Socket;

my ($hSock, $sLine);

# Bind a UDP socket on the syslog port (ports below 1024 need root).
$hSock = IO::Socket::INET->new(LocalPort => 514, Proto => 'udp', Reuse => 1)
    or die "Ups, socket: $@";
print "Ok, Port 514-UDP ist aktiv\n";

# Print every datagram received, up to 1023 bytes each.
while ($hSock->recv($sLine, 1023))
{
    print $sLine, "\n";
}
die "Jetzt nicht!\n";
```

I need syslog (514/UDP) so that it can receive the information from a
router.
With ps I can see that syslogd is started.
The entry in syslog.conf:

syslog -/home/514.log

was unsuccessful.
netstat -na did not show me port 514.

All the "man" pages don't make me any wiser either.

Can someone give me a practical tip?
A Perl script would be fine too.

Thanks, Ralf
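
An added example, not part of the thread or of sysklogd: a Python version of the kind of UDP listener shown in the Perl script above, extended to decode the syslog `<PRI>` prefix, accept datagrams only from an expected router address, and neutralise control characters before writing to the log file. The router address 192.0.2.1 and the function names are assumptions made for illustration; the log path is the one from the original question.

```python
import re
import socket

# Syslog datagrams start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

def parse_pri(datagram: bytes):
    """Return (facility, severity_name, text); facility is None without a valid PRI."""
    m = PRI_RE.match(datagram)
    text = datagram.decode("utf-8", errors="replace")
    if not m or int(m.group(1)) > 191:   # highest valid PRI is 23 * 8 + 7
        return None, None, text.strip()
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7], text[m.end():].strip()

def format_record(sender_ip, datagram, allowed):
    """Return one log line, or None if the sender is not an expected router."""
    if sender_ip not in allowed:
        return None   # UDP syslog is unauthenticated: ignore unknown senders
    fac, sev, text = parse_pri(datagram)
    # Replace control characters so one datagram cannot forge extra log lines.
    text = "".join(c if c.isprintable() else "?" for c in text)
    return f"{sender_ip} facility={fac} severity={sev} {text}"

def serve(bind_addr="0.0.0.0", port=514,
          allowed=frozenset({"192.0.2.1"}),   # assumed router address
          logfile="/home/514.log"):           # path from the question
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))              # ports below 1024 require root
    with open(logfile, "a", encoding="utf-8") as out:
        while True:
            data, (ip, _) = sock.recvfrom(1024)
            line = format_record(ip, data, allowed)
            if line is not None:
                out.write(line + "\n")
                out.flush()

if __name__ == "__main__":
    serve()
```

The source address of a UDP datagram can be forged, so the allow-list only filters stray traffic; restricting who can reach port 514 at the firewall is still needed.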