On Thu, 6 Sep 2018 at 14:11, Adam Tauno Williams <awilliam@xxxxxxxxxxxxx> wrote:
>
> Attempting to lookup why rsyslogd is listening on the high port
> UDP/51427. Have not succeeded in what this port is used for and what
> directive controls what interface it binds to.
>
> [root@bedrock ~]# netstat --listen --inet --program --numeric | grep syslog
> udp 0 0 0.0.0.0:51427 0.0.0.0:* 66655/rsyslogd
>
I don't think that is really rsyslogd running.. first rsyslogd usually
is running with a much lower pid as it starts early on. All the boxes
I saw had it running under 1000. If the system is set up to actually
listen to the internet it will look like
[root@log01 ~][PROD]# netstat --list --inet --program --numeric | grep rsys
tcp 0 0 0.0.0.0:514 0.0.0.0:*
LISTEN 1078/rsyslogd
tcp 0 0 0.0.0.0:5000 0.0.0.0:*
LISTEN 1078/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:*
1078/rsyslogd
and those are set in /etc/rsyslogd.conf
[root@log01 ~][PROD]# egrep '514|5000' /etc/rsyslog.conf
$UDPServerRun 514
$InputTCPServerRun 514
$InputTCPServerRun 5000
I would do a ps auxww | grep 66655 and see what is running and then
check to see if that binary is what it is supposed to be.
> --
> Adam Tauno Williams <mailto:awilliam@xxxxxxxxxxxxx> GPG D95ED383
> OpenGroupware Developer <http://www.opengroupware.us/>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
--
Stephen J Smoogen.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
