RE: Syslog Server on Debian Etch

To: "Douglas A. Tutty" <dtutty@porchlight.ca>, <debian-user@lists.debian.org>
Subject: RE: Syslog Server on Debian Etch
From: "Joel Roberts" <Joel.Roberts@pinkardcc.com>
Date: Tue, 6 Nov 2007 10:39:04 -0700
Message-id: <[🔎] 2CE4DD25946EB940B8EE93877AF62531FE367C@lwmailserver1.pinkard.com>
In-reply-to: <[🔎] 20071106151701.GA6894@titan.hooton>
References: <[🔎] 2CE4DD25946EB940B8EE93877AF62531FE3675@lwmailserver1.pinkard.com> <[🔎] 20071106151701.GA6894@titan.hooton>

Syslog was working fine on the clients, I had it installed to a diff
linux server and was trying to move it over. The issue was the location
of the sysklogd file. The walkthough I found told me to modify the
/etc/init.d/sysklogd file, when it should have been the
/etc/default/syslogd file. 

The syslog service is now running, listening on the correct port, and
receiving messages from the Juniper firewall, but it's going to the
/var/log/syslog file instead of the file I've indicated for the
filename, /mnt/hdb1/syslog/logfilename.log

Is anyone else monitoring Juniper Netscreen firewalls? Is there
something other than local7.debug I should be using to send it to the
logfile I want?

Thanks.

-----Original Message-----
From: Douglas A. Tutty [mailto:dtutty@porchlight.ca] 
Sent: Tuesday, November 06, 2007 8:17 AM
To: debian-user@lists.debian.org
Subject: Re: Syslog Server on Debian Etch

On Tue, Nov 06, 2007 at 08:05:39AM -0700, Joel Roberts wrote:
> I'm trying to configure a syslog server on Debian Etch, but so far the
> only walkthrough I've found is for Debian Sarge. The walkthrough says
to
> modify the /etc/init.d/sysklogd file at the line that says: SYSLOGD=""
> and change it to SYSLOGD="-r -m0"
> 
> There is no such line in the sysklogd file. I added it, but it doesn't
> seem to be logging. Have stopped and restarted the service, rebooted
the
> server and still my log file is at 0 bytes.
> 
> In the /etc/syslog.conf, I added the line:
> 
> Local7.debug    /mnt/hdb1/syslog/logfilename.log
> 
> And it did automatically create the file, but nothing's going into it
> from either the Netscreen firewall or the test Windows server. And I
> don't see anything listening on port 514 with a netstat.
> 
> Anyone know a way to jumpstart it to get it running? Thanks in
advance.
> 

On the sending machine, you put something like:

*.* 	@logger.my.domain

On the receiving hosts, syslogd needs the -r parameter.

This is placed in /etc/default/syslogd

You'll also have to open the appropriate port in any firewall (both on
the reciving and sending boxes).

Then I'd reboot all systems; the logger server first, followed by the
logger clients.

Doug.

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Follow-Ups:
- RE: Syslog Server on Debian Etch ***SOLVED***
  - From: "Joel Roberts" <Joel.Roberts@pinkardcc.com>

References:
- Syslog Server on Debian Etch
  - From: "Joel Roberts" <Joel.Roberts@pinkardcc.com>
- Re: Syslog Server on Debian Etch
  - From: "Douglas A. Tutty" <dtutty@porchlight.ca>

Prev by Date: Re: The problem with modern hardware... (Re: Programmers Text Editor)
Next by Date: Re: Programmers Text Editor
Previous by thread: Re: Syslog Server on Debian Etch
Next by thread: RE: Syslog Server on Debian Etch ***SOLVED***
Index(es):
- Date
- Thread