+ Logging, Syslog and Log Anaylsys Forums » Forums » Syslog & syslogd
|-+ 

Logging over the network is not working
Username:
Password:
Home Help Search ^ Login Register
News:

Pages: [1]
0 Members and 1 Guest are viewing this topic. Topic Tools  
Read September 26, 2008, 05:32:04 am #0
kannan.ekanath

  • *
  • Newbie
  • Posts: 3
Logging over the network is not working
My logs are not getting through over to my network. Here is what I did,

Box1 - Added the two lines on /etc/syslog.conf
local6.*                                                @Box2
local6.*                                                /var/log/messages
*.debug                                                @Box2
*.debug                                                /var/log/messages

which means I redirect all debug messages and local6 facility messages to box2

Box2 - Added the line on /etc/syslog.conf
*.debug                                                /var/log/messages
local6.*                                               /var/log/messages

Now, my application sits on Box1 and the SyslogAppender (Java based log4j appender) writes to local6.err I would have expected it come over till Box2. That did not happen.

1) I went into Box1 and did a "kill -1 PID" (since this would send a debug message saying restarted teh service). This message came in Box1 as well as Box2
2) Only the log messages from the SyslogAppender is not coming through. I have no idea why, but when I examined Box1 I found the two lines,
Sep 25 15:08:43 hamdev114 syslogd 1.4.1: restart (remote reception)
Sep 25 15:11:06 localhost.localdomain BETEX Some error

The only difference between the two logs (first came through the network and the second did not) was that the debug log was sending the hostnaem as hamdev114 and the log4j appender sent it as localhost.localdomain. Could this be the problem?
Offline  
Read September 26, 2008, 06:28:27 am #1
kannan.ekanath

  • *
  • Newbie
  • Posts: 3
Re: Logging over the network is not working
I tried a simple
logger -p local6.err "some message"

and that reflected on Box1 and Box2
Offline  
Read September 26, 2008, 12:54:48 pm #2
mutex

  • *****
  • Administrator
  • Newbie
  • Posts: 782
Re: Logging over the network is not working
Are you seeing logs on Box1 from syslogappender?  in /var/log/messages?
Offline  
Read September 26, 2008, 05:08:38 pm #3
kannan.ekanath

  • *
  • Newbie
  • Posts: 3
Re: Logging over the network is not working
Yes I am seeing the message from Box1 /var/log/messages.

Also I wrote a Java program to send like 30 messages at a shot to Box1 (and hoped it will be copied onto Box2). In box1 I got
Sep..xx [IP from Java pgm was run] My Messagehere
Sep..xx syslogd The last message was repeated 29 times [which is fine, since I sent the same message 29 times]

I noticed one thing interesting in Box2. It did not get line 1 "My Messagehere". But it had the line
Sep..xx [Box1 IP] the last message was repeated 29 times.

So, the second line which was generated by a Box1 process was able to make it thru the network (and so did a simple logger command from Box1). It is only the Java Application that this syslog in Box1 cant make out.

FYI, I just run the syslogd with -m 0 -r option and I dont do any IP lockdown based on host names ....
Offline  
Pages: [1]
« previous next »
Jump to:  


Information Security News | Jerry Bell's blog | Enterprise IT | Tropical Fish Information | Tropical Fish Forums

Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC