FC1 syslogd configuration to accept remote messages

I'm trying to configure a ZyWALL 35 and syslog on an FC1 box for logging. The firewall's syslog settings are:

Active [X]
Syslog Server "FC1 box's private ip address"
Log Facility Local1

On the FC1 box, I edited /etc/rc.d/init.d/syslog.
Specifically, the line:

SYSLOGD_OPTIONS="-m 0 -r"

I added the ' -r'.

/etc/syslog.conf was also edited. The line:

local1.*               /var/log/zyxel/zw30.log

was added to the bottom of the file. The directory /var/log/zyxel exists, and I restarted the syslogd service. Even rebooted the system. The zw30.log file was created, but it remains empty. The firewall log entries aren't showing up in 'messages' or any of the other logs either, not that they should. Ethereal indicates that the firewall is attempting to send log entries to the syslog server. The capture has packets like:

Source        Destination   Protocol   Info
-----------------------------------------------------------
Firewall IP   FC1 Box IP    Syslog     Local1.info..
FC1 Box IP    Firewall IP   ICMP       Dest. host unreachable

The packets show up in pairs...the Syslog and ICMP dest. host unreachable packets. Likely related to the problems with syslogd not getting any logging info from the firewall. The FC1 box is able to ping the firewall. Also, in the firewall logs (on the firewall itself) are a lot of entries like:

Time:        07/08/2004 15:51:55
Message:     Unsupported/out-of-order ICMP: ICMP(type:3, code:3)
Source:      FC1 Box IP
Destination: Firewall IP
Note:        ACCESS BLOCK

 

'man syslogd' on the FC1 box states that in addition to starting with the '-r' option, the /etc/services file must have the line:

'syslog              514/udp'

That line is there. The man page says "If this entry is missing syslogd neither can receive remote [syslog] messages nor send them, because the UDP port can't be opened." According to NMap, 514/UDP doesn't appear to be open, so this may be the problem. Later in the syslogd manual it states, "The UDP socket used to forward messages to remote hosts or to receive messages from them is only opened when it is needed." Perhaps the reason NMap didn't detect 514/UDP as an open port? Earlier I disabled firewalling features on the FC1 box altogether for testing purposes, so it's not an FC1 firewall getting in the way.

 

Any suggestions/tips are much appreciated. Note that I posted this to fedora-list because I think the issue is a config prob on the FC1 box rather than on the firewall.
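
A local check for the question raised above about whether 514/udp is actually open, as an added example that is not part of the original post: it reads the kernel's UDP socket table (Linux /proc/net/udp format) and reports whether any socket is bound to the port. ICMP type 3, code 3, as seen in the firewall log, is "port unreachable", which a host returns when nothing is bound to the destination UDP port. The helper name and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Is any UDP socket bound to a given local port? Reads a table in Linux
# /proc/net/udp format, where ports are hex: 514 is listed as 0202.

# udp_port_bound PORT [TABLE]   (hypothetical helper name)
# TABLE defaults to /proc/net/udp; "-" reads the table from stdin.
# Exit status: 0 if a socket is bound to PORT, 1 if not.
udp_port_bound() {
    hexport=$(printf '%04X' "$1")
    awk -v want="$hexport" '
        NR > 1 {                      # line 1 is the column header
            n = split($2, a, ":")     # $2 = local_address, HEXIP:HEXPORT
            if (toupper(a[n]) == want) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "${2:-/proc/net/udp}"
}

# Constructed sample: only port 111 (hex 006F) is bound, nothing on 514.
sample_not_listening() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
EOF
}

# Constructed sample: a socket is also bound to 0.0.0.0:514 (hex 0202).
sample_listening() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1544
EOF
}

# Run the check against both constructed tables.
for s in sample_not_listening sample_listening; do
    if $s | udp_port_bound 514 -; then
        echo "$s: a socket is bound to 514/udp"
    else
        echo "$s: nothing is bound to 514/udp"
    fi
done
```

On the host itself, `udp_port_bound 514` with no second argument reads /proc/net/udp directly.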

