On Jan 31, 2008 6:18 AM, morla <morla@cracksucht.de> wrote:
hi again....
even if there wanst much of a response, im back to report what i found....
maybe this will help anyone else who has a spelling problem and searches
on the interwebs for an explanation. :P
if you configure syslogd to log to a remote syslogserver, it will bind
to port 514/UDP, even if it doesn't get the -r option passed.
i find this really confusing... why would syslogd need to listen on any
interface just to send data to a remote server???
makes no sense for me at all...
if anybody has an idea or knows why syslogd behaves like that, it would
be very interesting to hear about it on the list... (imo).
"use the [source] luke"
$> apt-get source sysklogd
syslogd.c:
210: The default behavior has changed for security reasons. The
syslogd will not receive any remote message unless you turn reception
on with the "-r" option.
...
2431: if (Forwarding || AcceptRemote) { ... create_inet_socket()...
What I understand from this is:
The socket is created and ready for sending messages to a remote
syslog server, but without -r it will not receive any messages.
Correct me if I'm wrong.
Regards,