[wplug] Syslogd on RH9 + Netgear FVS318 Firewall
Robert L. Jeffries
rl_jeffries at comcast.net
Sun Dec 21 23:57:49 EST 2003
Thanks for the reply. Yes, I am restarting syslogd after I make the
changes. And yes, I have iptables running... forgot about that.

So I edit /etc/sysconfig/iptables by adding (I replaced my
addresses with x's):

    -A INPUT -s xxx.xxx.xxx.xxx -p udp -m udp --dport 514 -j ACCEPT

and then make sure that /etc/init.d/syslog has:

    SYSLOGD_OPTIONS="-m 0 -r"

and after restarting iptables & syslog I check to see if the
port's open with a UDP scan using Nmap on UDP port 514:

    sudo nmap -vv -sU -p 514 xxx.xxx.xxx.xxx

I get:

    The 1 scanned port on xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) is:
    closed

Just in case, I go to the router and tell it to send its syslog
to the linux box. But as one would expect with a closed port, no new
log entries are in /var/log/.

And, again, just in case, I reboot the linux box.

Not surprisingly, no new entries from the FVS318 after I send
the logs from it to the linux box. (btw where would these entries
go by default?)

Thanks for the help, any other suggestions would be appreciated.

rlj

-----Original Message-----
From: wplug-admin at wplug.org [mailto:wplug-admin at wplug.org] On Behalf Of
James O'Kane
Sent: Sunday, December 21, 2003 8:46 PM
To: wplug at wplug.org
Subject: Re: [wplug] Syslogd on RH9 + Netgear FVS318 Firewall

On Sun, 21 Dec 2003, Robert L. Jeffries wrote:

> SYSLOGD_OPTIONS="-m 0 -r"

This is the one I've had work for me. You're restarting syslog after
making the changes?

> I know I'm missing something. I don't know what it is. Any
> help would be appreciated.

Do you have iptables running on the linux machine? /etc/services says
syslog uses udp port 514.

-james
_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug
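
Added example, not part of the original thread: a Python sketch of the check the Nmap UDP scan above performs. A "closed" result means the host answered with ICMP port unreachable because nothing was bound to the port, whereas a listening syslogd stays silent. The function names and the loopback stand-in listener are assumptions for illustration; point probe_udp at the log host's UDP port 514 to test a real syslogd.

```python
import socket

def syslog_packet(facility, severity, tag, text):
    """Build a BSD-syslog style datagram: <PRI>tag: text (PRI = facility*8 + severity)."""
    pri = facility * 8 + severity
    return f"<{pri}>{tag}: {text}".encode("ascii", "replace")

def probe_udp(host, port, payload, timeout=1.0):
    """Send one datagram and classify the port the way a UDP scan does.

    "closed"        -> ICMP port unreachable came back: the packet reached
                       the host, but no process is bound to the port.
    "open|filtered" -> silence: a listener accepted it, or a firewall dropped it.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))  # a connected UDP socket surfaces ICMP errors
        s.send(payload)
        s.recv(1)                # syslogd never replies; wait for an ICMP error
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "open|filtered"
    finally:
        s.close()
    return "open"

def demo():
    """Loopback demo: a stand-in listener on an ephemeral port (constructed setup)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    rx.settimeout(1.0)
    port = rx.getsockname()[1]
    msg = syslog_packet(16, 6, "probe", "remote syslog test")  # local0.info
    with_listener = probe_udp("127.0.0.1", port, msg, 0.5)
    received = rx.recv(1024)     # what a receiving syslogd would be handed
    rx.close()
    without_listener = probe_udp("127.0.0.1", port, msg, 0.5)
    return with_listener, received, without_listener

if __name__ == "__main__":
    print(demo())
```

Because an accepted datagram and a silently dropped one look identical from the sender's side, confirm an "open|filtered" result on the receiving host by checking that the test message appears in its logs.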