Firewall Wizards mailing list archives
Re: pix syslog & linux
From: "Seth Art" <sethsec () gmail com>
Date: Thu, 18 May 2006 08:03:23 +0000
One more (maybe obvious) suggestion: Make sure you open up UDP 514 in IPTables, etc. if you're using a FW on the host. A couple of weeks ago I ran the tcpdump and saw the traffic coming in as you do, but forgot that iptables was dropping it before it got to syslogd. Doh!

Regards,
Seth

On 5/16/06, Paul D. Robertson <paul () compuwar net> wrote:
> On Mon, 15 May 2006, kurt x wrote:
>
>> Any suggestion?
>
> 1. Linux syslogd doesn't listen on a network socket by default, so you have to start syslogd with -r. Check to see if you're listening with netstat -nr.
>
> 2. Most Linux distributions these days packet filter services by default. If you're listening and not logging, it's likely to be a packet filtering issue. Add permission for syslog to your filtering rules to fix it.
>
> Both of these are *good* things, as they've reduced the vulnerability surface of the platform significantly.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> paul () compuwar net       which may have no basis whatsoever in fact."
> http://fora.compuwar.net      Infosec discussion boards
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
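The two causes named in this thread (nothing listening on UDP 514, or the host packet filter dropping the traffic before syslogd sees it) can be told apart offline from two text dumps. The following is an added example, not part of any poster's message: the function names are hypothetical, both inputs are constructed samples in the layout of `/proc/net/udp` and `iptables -S INPUT`, and the rule evaluation is deliberately simplified as noted in the comments.

```shell
#!/bin/sh
# Constructed sample in /proc/net/udp layout; local port 0x0202 is 514.
sample_proc_udp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4711
   1: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4712
EOF
}
# Constructed sample in `iptables -S INPUT` layout with no rule for udp/514.
sample_rules_blocked() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}
sample_rules_open() { sample_rules_blocked; echo '-A INPUT -p udp -m udp --dport 514 -j ACCEPT'; }  # plus syslog permission
# stdin: /proc/net/udp text, $1: port. Prints "listening" or "not-listening".
listener_state() {
  awk -v want="$(printf '%04X' "$1")" '
    NR > 1 { split($2, a, ":"); if (toupper(a[2]) == want) found = 1 }
    END { print (found ? "listening" : "not-listening") }'
}
# stdin: `iptables -S INPUT` text, $1: port. First applicable target, else chain policy; rules with other conditions are skipped.
filter_verdict() {
  awk -v port="$1" '
    $1 == "-P" { policy = $3; next }
    $1 == "-A" && verdict == "" {
      proto = ""; dport = ""; target = ""; other = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(++i)
        else if ($i == "--dport") dport = $(++i)
        else if ($i == "-j") target = $(++i)
        else if ($i == "-m" && $(i + 1) == proto) i++
        else other = 1
      }
      if (!other && (proto == "" || proto == "udp") && (dport == "" || dport == port)) verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }'
}
# $1: listener state, $2: filter verdict. Names the failure mode from the thread.
diagnose() {
  [ "$1" = listening ] || { echo "not listening on udp/514: start syslogd with -r"; return; }
  [ "$2" = ACCEPT ] || { echo "listening, but filter verdict is $2: permit udp/514"; return; }
  echo "listening and permitted"
}
diagnose "$(sample_proc_udp | listener_state 514)" "$(sample_rules_blocked | filter_verdict 514)"
```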
Current thread:
- pix syslog & linux kurt x (May 16)
- Re: pix syslog & linux Paul D. Robertson (May 16)
- Re: pix syslog & linux Aaron Smith (May 16)
- Re: pix syslog & linux Seth Art (May 19)
- Re: pix syslog & linux Paul D. Robertson (May 16)