r0bbyr0b n00b
Joined: 26 Apr 2003 Posts: 18
|
Posted: Fri May 02, 2003 12:08 pm Post subject: Making Syslog work with my firewall/router |
|
|
Hello,
I've recently got Gentoo installed successfully as a server, but would like it to log stuff from my firewall. My firewall is a Vigor 2600 Firewall/Router (http://www.draytek.com.tw/english/product/vigor2600_x_w_we.php)
I have in the router settings the ability to turn on syslog, so I have typed in the IP address, and destination port of 514 for the Gentoo server.
This is where I get confused. I'm completely new to syslog, but as I understand it I can make the router/firewall send log files to the Gentoo server.
I have installed sysklogd to the server and it starts automatically. What else do I need to do - I presume I need to open up port 514, but how can I VIEW these log files?
Any help would be appreciated.
Thanks!!
Robert |
|
|
|
shadow255 Guru
Joined: 04 Apr 2003 Posts: 412
|
Posted: Fri May 02, 2003 4:33 pm Post subject: |
|
|
If your server is allowing UDP connections on port 514 from your router, you should see entries in the file /var/log/messages. Assuming that you have no entry in /etc/hosts for your router's ip and your router has ip 10.0.0.1, they'll look something like this:
Code:
May 2 08:59:55 10.0.0.1 Unrecognized access from 69.10.14.68:22 to TCP port 22
If you've made an entry in hosts for that ip then you'll see the router's name on the line instead of the ip address. The message for failed packets may differ significantly from my example, but this should get you pointed in the right direction.
If you want the entries to be written to separate logfiles, you're going to need to learn a bit about the file /etc/syslog.conf. Basically, you need to teach syslog to recognize the log source and filter it off to the separate file - something I haven't done yet, by the way
If you don't see any entries in /var/log/messages coming from the router, then you may need to check /etc/hosts.allow and make sure that your router's ip address is included in the allowed hosts for syslog. The entry should look like this (I'm again assuming that router's ip is 10.0.0.1):
I hope this helps you!
_________________
Vogon poetry is of course the third worst in the Universe. -- Douglas Adams, The Hitchhiker's Guide to the Galaxy |
|
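As an added example (not part of the original posts): a Python sketch that pulls one router's entries out of /var/log/messages-style lines into their own file and counts the blocked destination ports. The message pattern follows the sample line in the post above; the hostname gentoo, the output filename and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Traditional syslog file line: "Mon D HH:MM:SS host message"
LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
# Message shape taken from the example line in the post; real router text may differ.
ACCESS = re.compile(r"Unrecognized access from (?P<src>[\d.]+):(?P<sport>\d+) "
                    r"to (?P<proto>TCP|UDP) port (?P<dport>\d+)")

def parse_line(line):
    """Return {'ts', 'host', 'msg'} for a syslog line, or None if it does not match."""
    m = LINE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def split_by_host(lines, router_hosts):
    """Group raw lines by sending host; only hosts in router_hosts are kept."""
    out = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["host"] in router_hosts:
            out[rec["host"]].append(line.rstrip("\n"))
    return dict(out)

def blocked_ports(lines):
    """Count (protocol, destination port) pairs in 'Unrecognized access' messages."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        m = ACCESS.search(rec["msg"]) if rec else None
        if m:
            counts[(m["proto"], int(m["dport"]))] += 1
    return counts

# Constructed sample; 10.0.0.1 is the router address assumed in the post,
# "gentoo" is a made-up local hostname, sources are documentation addresses.
SAMPLE = [
    "May  2 08:59:55 10.0.0.1 Unrecognized access from 192.0.2.44:22 to TCP port 22",
    "May  2 09:00:01 gentoo cron[412]: (root) CMD (test -x /usr/sbin/run-crons)",
    "May  2 09:01:13 10.0.0.1 Unrecognized access from 198.51.100.7:4431 to TCP port 22",
    "May  2 09:02:40 10.0.0.1 Unrecognized access from 198.51.100.7:4432 to UDP port 137",
    "-- MARK --",
]

if __name__ == "__main__":
    by_host = split_by_host(SAMPLE, {"10.0.0.1"})
    for host, entries in by_host.items():
        with open(f"router-{host}.log", "w") as fh:   # one file per source
            fh.write("\n".join(entries) + "\n")
    for (proto, port), n in blocked_ports(by_host.get("10.0.0.1", [])).items():
        print(f"{proto}/{port}: {n}")
```

If the router has an entry in /etc/hosts, pass its name instead of the IP in router_hosts, since that is what appears in the host column.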
|
|
yodi Tux's lil' helper
Joined: 14 May 2004 Posts: 88 Location: Liverpool, England
|
Posted: Wed Jul 21, 2004 5:51 pm Post subject: |
|
|
I'm looking into doing a similar thing with a Netgear router, although I'm not having much luck at the moment.
Also I had no /etc/hosts.allow and created one, I'm sure that I have seen this file in another location....
Anyway if I have any luck I will post back my success here