On Wed, 2006-03-08 at 01:43 -0500, Gene Heskett wrote:
> On Wednesday 08 March 2006 01:03, Craig White wrote:
> >On Wed, 2006-03-08 at 00:50 -0500, Gene Heskett wrote:
> >> Greetings all;
> >>
> >> My router has the ability to send access logs to an IP address,
> >> which is assignable.
> >>
> >> My thoughts are to set up a virtual eth0:1 at an unused local
> >> address in the 192.168.1 block, and simply copy everything that
> >> comes into that port off to a logfile, plugging that logfile into
> >> logrotate's schedule and thereby keeping a log for forensic purposes.
> >>
> >> I've tried the usual culprits, like cat </dev/eth0:1, or dd
> >> if=/dev/eth0:1, but neither of those seems to work, lack of a device,
> >> and sure enough when I look in /dev on that old RH7.3 box, there
> >> are no eth* entries.
> >>
> >> I'm probably in one of those situations where I can't see the tree
> >> for all this forest in the way, so could someone toss me a clue
> >> please?
> >
> >----
> >don't bother with all that nonsense...your syslog has the ability to
> >accept, log, rotate, etc. from network devices...
> >
> >man syslogd /support for remote logging
> >
> >unless you feel like doing unnecessary gymnastics
> >
> >Craig
>
> Ok, I've inserted that line in services that's needed for that to work,
> syslog 514/udp
>
> And added the -r option to OPTIONS in the syslog file in /etc/sysconfig,
> SIGHUPed syslogd, and turned the router's forwarding of the access log
> to the main 192.168.x.x address of that machine. But nothing is
> appearing in either all.log or any other log with a recent timestamp.
>
> Did I miss something? Or is the Linksys BEFSR41 router's logging to some
> other unknown (udp/tcp) port besides 514?

----
Let's keep this on list, OK?

Firewall on Linux system blocking port 514 protocol UDP?

Logging will go into /var/log/messages unless you redirect it via syslog.conf

# man syslog.conf

Is there actually traffic? You can use something like ethereal to trace activity between router & Linux system.

The RH 7.3 system may have a very different version of syslogd and behave differently.

Craig
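The thread turns on two questions: are the router's datagrams actually reaching UDP/514 on the Linux box, and what would syslogd do with them once they do? The script below is an added example, not code from the thread or from any of the posters: it plays both sides of the exchange on loopback, a sender standing in for the router and a minimal BSD-syslog receiver that splits each datagram into facility, severity and message (the "<PRI>" header, with PRI = facility*8 + severity) and records the source address. The sample lines are constructed and are not the BEFSR41's real log format; the receiver binds an ephemeral port so it runs without root, whereas a real syslogd started with -r listens on 514/udp, which needs root and a firewall hole. Everything else is standard library.

```python
# Added example (not from the mailing-list thread): a tiny UDP syslog
# receiver plus a sender that plays the router's role, so you can confirm
# that datagrams arrive on the port and see how syslogd would classify them.
import re
import socket

# Facility names in the order the syslog protocol numbers them (0..23).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6",
    "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-syslog priority header: "<PRI>" where PRI = facility*8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse_syslog(datagram: bytes) -> dict:
    """Split one datagram into facility, severity and message.

    A datagram with no valid "<PRI>" header is kept rather than dropped and
    flagged with facility/severity None, so a router that sends plain text
    still ends up in the log instead of silently vanishing.
    """
    text = datagram.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    if m is None or int(m.group(1)) > 191:   # 23*8 + 7 is the largest legal PRI
        return {"facility": None, "severity": None, "msg": text}
    pri = int(m.group(1))
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "msg": m.group(2),
    }


def receive_syslog(sock: socket.socket, expected: int, timeout: float = 2.0) -> list:
    """Read up to `expected` datagrams from an already-bound UDP socket.

    Stopping on timeout is deliberate: if fewer records come back than were
    sent, something between the router and the socket (a firewall rule, the
    wrong port) is eating them, which is exactly the question in the thread.
    """
    sock.settimeout(timeout)
    records = []
    try:
        while len(records) < expected:
            data, (src_ip, _) = sock.recvfrom(65535)
            rec = parse_syslog(data)
            rec["src"] = src_ip          # which host sent it, as syslogd would note
            records.append(rec)
    except socket.timeout:
        pass
    return records


def send_router_logs(dest: tuple, lines: list) -> None:
    """Play the router: one UDP datagram per log line, no extra framing."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode(), dest)


def exchange(lines: list, host: str = "127.0.0.1", port: int = 0) -> list:
    """Bind a receiver, fire the lines at it, return what was parsed.

    port=0 lets the kernel pick a free port so this runs unprivileged; a real
    syslogd -r binds 514/udp (root, and the firewall must allow it).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind((host, port))
        dest = rx.getsockname()
        send_router_logs(dest, lines)        # datagrams queue in the kernel
        return receive_syslog(rx, len(lines))


# Constructed sample datagrams (not the BEFSR41's real format): two local0
# access entries at info (<134>) and warning (<132>), plus one bare line.
SAMPLE_LINES = [
    "<134>Mar  8 01:43:00 router: access 192.168.1.5 -> 198.51.100.1:80",
    "<132>Mar  8 01:43:05 router: access 192.168.1.5 -> 198.51.100.1:443",
    "plain text line without priority header",
]

if __name__ == "__main__":
    for rec in exchange(SAMPLE_LINES):
        print(rec)
```

Run it and you get one parsed record per line, each tagged with the sender's address; the local0.info/local0.warning split shows why a selector such as `local0.* /var/log/router.log` in syslog.conf is the usual way to steer a router's output out of /var/log/messages. If you point `send_router_logs` at a different host and the receiver on that host sees fewer datagrams than were sent, the loss is on the wire or in the firewall, not in syslogd.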