Syslog-ng is still running. Check you conf file for udp{} or tcp{} and remove them.
-----Original Message-----
From: Keg [mailto:redhat@xxxxxxxxxxx] Sent: Saturday, May 22, 2004 11:11 AM
To: General Red Hat Linux discussion list
Subject: Re: ARG: Xinetd is listening on port tcp:514????@
Ben Russo wrote:
Keg wrote:
I have shutdown syslog and looked at everything in /etc/xinetd.conf and /etc/xinetd.d/* and cannot find what is listening on TCP port 514.
What is binding to this port???
It is probably your syslog daemon. Try "netstat -nap | grep 514" or
[root@nms log]# grep 514 /etc/services
shell 514/tcp cmd # no passwords used
syslog 514/udp
[root@nms log]# netstat -nap | grep 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 29964/syslog-ng
udp 288 0 0.0.0.0:514 0.0.0.0:* 29964/syslog-ng
[root@nms log]# lsof -i | grep syslog
syslog-ng 29964 root 3u IPv4 1083907377 TCP *:shell (LISTEN)
syslog-ng 29964 root 5u IPv4 1083907378 UDP *:5050
syslog-ng 29964 root 6u IPv4 1083907379 UDP *:syslog
syslog-ng 29964 root 8u IPv4 1083907383 UDP nms.myco.com:42822->otherhost:5050
I forgot to mention I shut syslogd down.
??
-Chcuk
Yea, syslog-ng is what I am trying to install.
Here are the processeses running and listening sockets with xinetd NOT running:
syslog:~ #ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 May19 ? 00:00:05 init root 2 0 0 May19 ? 00:00:00 [migration/0] root 3 0 0 May19 ? 00:00:00 [migration/1] root 4 1 0 May19 ? 00:00:00 [keventd] root 5 1 0 May19 ? 00:00:02 [ksoftirqd_CPU0] root 6 1 0 May19 ? 00:00:00 [ksoftirqd_CPU1] root 11 1 0 May19 ? 00:00:00 [bdflush] root 7 1 0 May19 ? 00:00:00 [kswapd] root 8 1 0 May19 ? 00:00:00 [kscand/DMA] root 9 1 0 May19 ? 00:03:18 [kscand/Normal] root 10 1 0 May19 ? 00:01:31 [kscand/HighMem] root 12 1 0 May19 ? 00:00:01 [kupdated] root 13 1 0 May19 ? 00:00:00 [mdrecoveryd] root 21 1 0 May19 ? 00:00:01 [kjournald] root 79 1 0 May19 ? 00:00:00 [khubd] root 1143 1 0 May19 ? 00:00:00 [kjournald] root 1155 1 0 May19 ? 00:00:00 [kjournald] root 1165 1 0 May19 ? 00:00:00 [kjournald] root 1456 1 0 May19 ? 00:00:00 syslogd -m 0 root 1460 1 0 May19 ? 00:00:00 klogd -x root 1470 1 0 May19 ? 00:00:11 irqbalance rpc 1487 1 0 May19 ? 00:00:00 portmap rpcuser 1506 1 0 May19 ? 00:00:00 rpc.statd root 1567 1 0 May19 ? 00:00:00 [rpciod] root 1568 1 0 May19 ? 00:00:00 [lockd] root 1583 1 0 May19 ? 00:00:00 /usr/sbin/sshd root 1618 1 0 May19 ? 00:00:01 gpm -t ps/2 -m /dev/mouse root 1627 1 0 May19 ? 00:00:00 crond xfs 2169 1 0 May19 ? 00:00:00 xfs -droppriv -daemon daemon 2187 1 0 May19 ? 00:00:00 /usr/sbin/atd root 2198 1 0 May19 tty1 00:00:00 /sbin/mingetty tty1 root 2199 1 0 May19 tty2 00:00:00 /sbin/mingetty tty2 root 2200 1 0 May19 tty3 00:00:00 /sbin/mingetty tty3 root 2201 1 0 May19 tty4 00:00:00 /sbin/mingetty tty4 root 2202 1 0 May19 tty5 00:00:00 /sbin/mingetty tty5 root 2203 1 0 May19 tty6 00:00:00 /sbin/mingetty tty6 root 9236 1583 0 08:13 ? 00:00:00 /usr/sbin/sshd root 9238 9236 0 08:13 pts/0 00:00:00 -bash root 9288 9238 0 08:14 pts/0 00:00:00 ps -ef
syslog:~ #netstat -anp | grep LIST
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 1506/rpc.statd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1487/portmap tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1583/sshd unix 2 [ ACC ] STREAM LISTENING 1902 1618/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 3576 2169/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 16909 9236/sshd /tmp/ssh-XXqFMQ1t/agent.9236
Here are the running processes and listenning sockets when xinetd IS running:
syslog:~ #ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 May19 ? 00:00:05 init
root 2 0 0 May19 ? 00:00:00 [migration/0]
root 3 0 0 May19 ? 00:00:00 [migration/1]
root 4 1 0 May19 ? 00:00:00 [keventd]
root 5 1 0 May19 ? 00:00:02 [ksoftirqd_CPU0]
root 6 1 0 May19 ? 00:00:00 [ksoftirqd_CPU1]
root 11 1 0 May19 ? 00:00:00 [bdflush]
root 7 1 0 May19 ? 00:00:00 [kswapd]
root 8 1 0 May19 ? 00:00:00 [kscand/DMA]
root 9 1 0 May19 ? 00:03:18 [kscand/Normal]
root 10 1 0 May19 ? 00:01:31 [kscand/HighMem]
root 12 1 0 May19 ? 00:00:01 [kupdated]
root 13 1 0 May19 ? 00:00:00 [mdrecoveryd]
root 21 1 0 May19 ? 00:00:01 [kjournald]
root 79 1 0 May19 ? 00:00:00 [khubd]
root 1143 1 0 May19 ? 00:00:00 [kjournald]
root 1155 1 0 May19 ? 00:00:00 [kjournald]
root 1165 1 0 May19 ? 00:00:00 [kjournald]
root 1456 1 0 May19 ? 00:00:00 syslogd -m 0
root 1460 1 0 May19 ? 00:00:00 klogd -x
root 1470 1 0 May19 ? 00:00:11 irqbalance
rpc 1487 1 0 May19 ? 00:00:00 portmap
rpcuser 1506 1 0 May19 ? 00:00:00 rpc.statd
root 1567 1 0 May19 ? 00:00:00 [rpciod]
root 1568 1 0 May19 ? 00:00:00 [lockd]
root 1583 1 0 May19 ? 00:00:00 /usr/sbin/sshd
root 1618 1 0 May19 ? 00:00:01 gpm -t ps/2 -m /dev/mouse
root 1627 1 0 May19 ? 00:00:00 crond
xfs 2169 1 0 May19 ? 00:00:00 xfs -droppriv -daemon
daemon 2187 1 0 May19 ? 00:00:00 /usr/sbin/atd
root 2198 1 0 May19 tty1 00:00:00 /sbin/mingetty tty1
root 2199 1 0 May19 tty2 00:00:00 /sbin/mingetty tty2
root 2200 1 0 May19 tty3 00:00:00 /sbin/mingetty tty3
root 2201 1 0 May19 tty4 00:00:00 /sbin/mingetty tty4
root 2202 1 0 May19 tty5 00:00:00 /sbin/mingetty tty5
root 2203 1 0 May19 tty6 00:00:00 /sbin/mingetty tty6
root 9236 1583 0 08:13 ? 00:00:00 /usr/sbin/sshd
root 9238 9236 0 08:13 pts/0 00:00:00 -bash
root 9313 1 0 08:16 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root 9316 9238 0 08:16 pts/0 00:00:00 ps -ef
syslog:~ #netstat -anp | grep LIST
tcp 0 0 0.0.0.0:512 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 1506/rpc.statd tcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 127.0.0.1:32776 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1487/portmap tcp 0 0 0.0.0.0:13782 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1583/sshd tcp 0 0 0.0.0.0:13783 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:13722 0.0.0.0:* LISTEN 9313/xinetd tcp 0 0 0.0.0.0:13724 0.0.0.0:* LISTEN 9313/xinetd unix 2 [ ACC ] STREAM LISTENING 1902 1618/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 3576 2169/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 16909 9236/sshd /tmp/ssh-XXqFMQ1t/agent.9236
As you can see that xinetd is the process bound to port 514. If I look at the xinetd config, here are the only entries that are enabled:
syslog:/etc/xinetd.d #grep -i disable * | grep no
bpcd: disable = no
bpjava-msvc: disable = no
nrpe: disable = no
rexec: disable = no
rlogin: disable = no
rsh: disable = no
rsync: disable = no
telnet: disable = no
vnetd: disable = no
vopied: disable = no
syslog:/etc/xinetd.d #cat /etc/xinetd.conf # # Simple configuration file for xinetd # # Some defaults, and include /etc/xinetd.d/
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}includedir /etc/xinetd.d
I am at a loss. I don't see how the services that are enabled in xinetd are binding to 514, but something is. This is also a vanilla install of RH9 with all update including kernel.
Any ideas anyone?
Thx, Chuck
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
