Re: syslogd lsitening on per default
On Jan 31, 2008 6:18 AM, morla <morla@cracksucht.de> wrote:
> hi again....
>
> even if there wanst much of a response, im back to report what i found....
> maybe this will help anyone else who has a spelling problem and searches
> on the interwebs for an explanation. :P
>
> if you configure syslogd to log to a remote syslogserver, it will bind
> to port 514/UDP, even if it doesn't get the -r option passed.
>
> i find this really confusing... why would syslogd need to listen on any
> interface just to send data to a remote server???
> makes no sense for me at all...
>
> if anybody has an idea or knows why syslogd behaves like that, it would
> be very interesting to hear about it on the list... (imo).
"use the [source] luke"
$> apt-get source sysklogd
syslogd.c:
210: The default behavior has changed for security reasons. The
syslogd will not receive any remote message unless you turn reception
on with the "-r" option.
...
2431: if (Forwarding || AcceptRemote) { ... create_inet_socket()...
What I understand from this is:
The socket is created and ready for sending messages to a remote
syslog server, but without -r it will not receive any messages.
Correct me if I'm wrong.
Regards,
--
----)(-----
Luis Mondesi
Maestro Debiano
----- START ENCRYPTED BLOCK (Triple-ROT13) ------
Gur Hohagh [Yvahk] qvfgevohgvba oevatf gur fcvevg bs Hohagh gb gur
fbsgjner jbeyq.
----- END ENCRYPTED BLOCK (Triple-ROT13) ------
Reply to: