That's not a "problem", per se...it's a potential security hole that's not enabled. If it were enabled, by default, and you weren't on a secured network, what's to stop someone from trying to DoS your machine by flooding your syslog port? <G> I am glad you found your answer, though. On Fri, 19 Sep 2003, Gregory Gulik wrote: > > Sorry for replying to my own question but I found the answer buried in > one of Cisco's on-line documents and wanted to make sure it got recorded > in the archives in case someone else runs into this problem: > > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094030.shtml > > The problem is that the syslogd used by Red Hat by default does not > accept syslog requests from the network. The "-r" option must be > specified in the /etc/sysconfig/syslog file for it to do so. > > > Gregory Gulik wrote: > > > > I've noticed this in the past but now it's getting really annoying. > > There are certain devices that for some reason can't log to syslog on my > > RH9 server. > > > > In this particular case I have a Cisco router configured as such: > > > > logging facility local1 > > logging 192.168.1.2 > > > > 192.168.1.2 is the IP of my RH9 server. On that server I have the > > following in /etc/syslog.conf: > > > > local1.notice /var/log/router.log > > > > The file does exist and all that yet nothing ever gets recorded to it. I > > also have an old Solaris box on the network running Solaris 8 and it has > > an identical configuration for syslog and when I configure the Cisco to > > use that IP address I always get events logged. > > > > I've also seen this with other routers in the past and not just this > > Cisco. I always assumed that the other router was doing something wrong > > but I kind of have to assume the Cisco is doing it right, especially if > > the logs do go to the Sun on the same LAN. > > > > What's going on? > > > > > > -- Mike Burger http://www.bubbanfriends.org Visit the Dog Pound II BBS telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000 To be notified of updates to the web site, send a message to: site-update-request@xxxxxxxxxxxxxxxxx with a message of: subscribe -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
