Probably silly Q

Craig White craigwhite at azapple.com
Wed Mar 8 13:28:28 UTC 2006


On Wed, 2006-03-08 at 01:43 -0500, Gene Heskett wrote:
> On Wednesday 08 March 2006 01:03, Craig White wrote:
> >On Wed, 2006-03-08 at 00:50 -0500, Gene Heskett wrote:
> >> Greetings all;
> >>
> >> My router has the ability to send access logs to an ip address,
> >> which is assignable.
> >>
> >> My thoughts are to setup a virtual eth0:1 at an unused local
> >> address in the 192.168.1 block, and simply copy everything that
> >> comes into that port off to a logfile, plugging that logfile into
> >> logrotate's schedule and thereby keeping a log for forensic purposes.
> >>
> >> I've tried the usual culprits, like cat </dev/eth0:1, or dd
> >> if=/dev/eth0:1 but neither of those seems to work, lack of a device,
> >> and sure enough when I look in /devs on that old RH7.3 box, there
> >> are no eth* entries.
> >>
> >> I'm probably in one of those situations where I can't see the tree
> >> for all this forest in the way, so could someone toss me a clue
> >> please?
> >
> >----
> >don't bother with all that nonsense...your syslog has the ability to
> >accept, log, rotate, etc. from network devices...
> >
> >man syslogd /support for remote logging
> >
> >unless you feel like doing unnecessary gymnastics
> >
> >Craig
> 
> Ok, I've inserted that line in services that's needed for that to work,
> syslog          514/udp
> 
> And added the -r option to OPTIONS in the syslog file in /etc/sysconfig, 
> SIGHUPed syslogd, and turned the router's forwarding of the access log
> to the main 192.168.x.x address of that machine.  But nothing is 
> appearing in either all.log or any other log with a recent timestamp.
> 
> Did I miss something?  Or is the linksys BEFSR41 router's logging to some
> other unk (udp/tcp) port besides 514?
----
Let's keep this on list OK?

Firewall on Linux system blocking port 514 protocol UDP?

Logging will go into /var/log/messages unless you redirect it via
syslog.conf # man syslog.conf

Is there actually traffic? You can use something like ethereal to trace
activity between router & Linux system

The RH 7.3 system may have a very different version of syslogd and
behave differently

Craig
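As an added example that is not part of this thread (and not what syslogd does), here is a small Python listener that does what the original question asked for: bind the chosen 192.168.1.x address, take every UDP datagram arriving on port 514, and append one line per datagram to a logfile that logrotate can manage. It also doubles as a quick check that the router's datagrams actually reach the box. The bind address, log path and the sample datagram in the comments are assumptions; it is written for a current Python, not the RH 7.3 system.

```python
import socket
from datetime import datetime, timezone

# Facility and severity tables from the BSD syslog PRI encoding (PRI = facility*8 + severity)
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(datagram: bytes) -> dict:
    """Split a BSD-style syslog datagram such as b"<134>Mar 8 13:28:28 router: ..." (constructed
    sample) into PRI, facility, severity and message. A datagram without a valid <PRI> header is
    kept whole with facility/severity 'unknown', so nothing the router sends is silently dropped."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    pri, facility, severity, msg = None, "unknown", "unknown", text
    if text.startswith("<"):
        end = text.find(">", 1, 5)          # PRI is at most three digits
        if end > 1 and text[1:end].isdigit():
            pri = int(text[1:end])
            if pri <= 191:                  # 23*8 + 7 is the largest legal PRI
                facility = FACILITIES[pri // 8]
                severity = SEVERITIES[pri % 8]
                msg = text[end + 1:]
    return {"pri": pri, "facility": facility, "severity": severity, "msg": msg}


def format_line(src_ip: str, datagram: bytes, now=None) -> str:
    """One log line per datagram: receive time (UTC), sender, facility.severity, message."""
    now = now or datetime.now(timezone.utc)
    rec = parse_syslog(datagram)
    return f"{now.isoformat()} {src_ip} {rec['facility']}.{rec['severity']} {rec['msg']}\n"


def serve(bind_ip="192.168.1.250", port=514, logfile="/var/log/router.log"):
    """Bind the assumed unused local address and append every datagram to logfile.
    The file is reopened for each write so logrotate can move it without a restart."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))              # port 514 is privileged; run as root
    while True:
        data, (src_ip, _) = sock.recvfrom(4096)
        with open(logfile, "a") as fh:
            fh.write(format_line(src_ip, data))


if __name__ == "__main__":
    serve()
```

If the file stays empty while the router is configured, the datagrams are not arriving, which points at the firewall or at the router sending to a different port, rather than at syslogd.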
