Thread Info
  • State Not Answered
  • Replies 5 replies
  • Subscribers 0 subscribers
  • Views 1606 views
  • Users 0 members are here
Options
Suggested

[8.162][NOTABUG][CLOSED] Log Management Other Devices

danodemano
Not sure if this is a bug or not.  I have the log management setup in 8.162 and it seems to be working great for the Astaro box itself.  According to the getting started guide you can use: 

*.* @10.10.10.10:10101

To have a remote Linux box send it's logs over to the Astaro box.  I have added this into two of my Linux boxes (a Debian and Fedora box) but it doesn't seem to be working (I did change the IP to the LAN address of my Astaro box).  In fact, I can't even see anything running on port 10101 on the Astaro box.  If I telnet to the Astaro box on 10101 I get nothing at all.  A quick list of the open ports doesn't show anything using 10101: 

gateway:/root # sudo netstat -lptu

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 *:18080                 *:*                     LISTEN      8732/httpproxy

tcp        0      0 db_host.local:18081     *:*                     LISTEN      8732/httpproxy

tcp        0      0 db_host.local:smux      *:*                     LISTEN      8038/snmpd

tcp        0      0 *:scientia-ssdb         *:*                     LISTEN      8603/frox

tcp        0      0 *:submission            *:*                     LISTEN      6579/exim

tcp        0      0 db_host.local:15723     *:*                     LISTEN      4987/aua.bin

tcp        0      0 db_host.loc[:D]yna-access *:*                     LISTEN      9248/clamd

tcp        0      0 *:http-alt              *:*                     LISTEN      8732/httpproxy

tcp        0      0 *:smtps                 *:*                     LISTEN      6579/exim

tcp        0      0 db_host.lo:search-agent *:*                     LISTEN      8602/cssd

tcp        0      0 10.242.2.1[:D]omain       *:*                     LISTEN      5968/named

tcp        0      0 rrcs-98-102-254-[:D]omain *:*                     LISTEN      5968/named

tcp        0      0 rrcs-98-102-254-[:D]omain *:*                     LISTEN      5968/named

tcp        0      0 rrcs-98-102-254-[:D]omain *:*                     LISTEN      5968/named

tcp        0      0 gateway[:D]omain          *:*                     LISTEN      5968/named

tcp        0      0 gateway[:D]omain          *:*                     LISTEN      5968/named

tcp        0      0 db_host.local[:D]omain    *:*                     LISTEN      5968/named

tcp        0      0 *:ssh                   *:*                     LISTEN      8425/sshd

tcp        0      0 *:4472                  *:*                     LISTEN      7907/confd [listene

tcp        0      0 *[:P]ostgresql            *:*                     LISTEN      5326/postgres

tcp        0      0 *:smtp                  *:*                     LISTEN      6579/exim

tcp        0      0 *:https                 *:*                     LISTEN      8501/httpd

tcp        0      0 *:nv-video              *:*                     LISTEN      8501/httpd

tcp        0      0 *:44444                 *:*                     LISTEN      8473/openvpn

tcp        0      0 *:18080                 *:*                     LISTEN      8732/httpproxy

tcp        0      0 ip6-localhost:18081     *:*                     LISTEN      8732/httpproxy

tcp        0      0 *:http-alt              *:*                     LISTEN      8732/httpproxy

tcp        0      0 *:ssh                   *:*                     LISTEN      8425/sshd

tcp        0      0 *[:P]ostgresql            *:*                     LISTEN      5326/postgres

tcp        0      0 *:nv-video              *:*                     LISTEN      8501/httpd

udp        0      0 db_host.loca:ipsec-msft *:*                                 8085/pluto

udp        0      0 gateway:ipsec-msft      *:*                                 8085/pluto

udp        0      0 rrcs-98-102-:ipsec-msft *:*                                 8085/pluto

udp        0      0 rrcs-98-102-:ipsec-msft *:*                                 8085/pluto

udp        0      0 rrcs-98-102-:ipsec-msft *:*                                 8085/pluto

udp        0      0 gateway:ipsec-msft      *:*                                 8085/pluto

udp        0      0 *:snmp                  *:*                                 8038/snmpd

udp        0      0 10.242.2.1[:D]omain       *:*                                 5968/named

udp        0      0 rrcs-98-102-254-[:D]omain *:*                                 5968/named

udp        0      0 rrcs-98-102-254-[:D]omain *:*                                 5968/named

udp        0      0 rrcs-98-102-254-[:D]omain *:*                                 5968/named

udp        0      0 gateway[:D]omain          *:*                                 5968/named

udp        0      0 gateway[:D]omain          *:*                                 5968/named

udp        0      0 db_host.local[:D]omain    *:*                                 5968/named

udp        0      0 *:bootps                *:*                                 9053/dhcpd

udp        0      0 db_host.local:isakmp    *:*                                 8085/pluto

udp        0      0 gateway:isakmp          *:*                                 8085/pluto

udp        0      0 rrcs-98-102-254-:isakmp *:*                                 8085/pluto

udp        0      0 rrcs-98-102-254-:isakmp *:*                                 8085/pluto

udp        0      0 rrcs-98-102-254-:isakmp *:*                                 8085/pluto

udp        0      0 gateway:isakmp          *:*                                 8085/pluto

udp        0      0 10.242.2.1:ntp          *:*                                 8485/ntpd

udp        0      0 gateway:ntp             *:*                                 8485/ntpd

udp        0      0 rrcs-98-102-254-67.:ntp *:*                                 8485/ntpd

udp        0      0 rrcs-98-102-254-68.:ntp *:*                                 8485/ntpd

udp        0      0 rrcs-98-102-254-70.:ntp *:*                                 8485/ntpd

udp        0      0 gateway:ntp             *:*                                 8485/ntpd

udp        0      0 db_host.local:ntp       *:*                                 8485/ntpd

udp        0      0 *:ntp                   *:*                                 8485/ntpd

udp        0      0 *:42108                 *:*                                 8732/httpproxy

udp        0      0 *:snmp                  *:*                                 8038/snmpd

udp        0      0 ip6-localhost:isakmp    *:*                                 8085/pluto

udp        0      0 ip6-localhost:ntp       *:*                                 8485/ntpd

udp        0      0 *:ntp                   *:*                                 8485/ntpd


Is there something I'm not doing correctly or is this feature just not completed yet.  Thanks so much!
Parents
  • 0
    Hi danodemano,

    Not sure if this is a bug or not.  ...  A quick list of the open ports doesn't show anything using 10101: 

    gateway:/root # sudo netstat -lptu


    Is there something I'm not doing correctly ...


    First of all, if you want to see the port numbers, you should add the -n switch to your netstat call: 

    kbr03:/root # netstat -lptun |grep syslog

    tcp        0      0 0.0.0.0:10101           0.0.0.0:*               LISTEN      5934/syslog-ng      

    udp        0      0 0.0.0.0:10101           0.0.0.0:*                           5934/syslog-ng      


    But usually this is not the root of the problem. Do you see any syslog-related error messages in the system.log?
  • 0 in reply to kbr
    Thanks for the reply!

    I knew I needed the n, not sure why I missed it.  Anyway, netstat -lptun |grep syslog returns nothing so maybe the syslog dameon isn't running?  I attached the system log to this post but I don't see any errors related to syslog.

    Here are a few screenshots also:

    Log management shows running:


    The local Astaro box is showing, just not sure why it's in the twice.  Once by name and once by IP:


    There are events being captured:


    I'm using rsyslog on the other devices I'm trying to have log to Astaro if it matters.  I was reading in the help file for it that it uses a double @ but I've tried it both ways and I get nothing either way.  Should I be able to telnet to 10101 and get some type of response?
    If there is any other info I can provide I would be happy to do so.  Thanks!!
    logfiles_20110404081714.zip
Reply
  • 0 in reply to kbr
    Thanks for the reply!

    I knew I needed the n, not sure why I missed it.  Anyway, netstat -lptun |grep syslog returns nothing so maybe the syslog dameon isn't running?  I attached the system log to this post but I don't see any errors related to syslog.

    Here are a few screenshots also:

    Log management shows running:


    The local Astaro box is showing, just not sure why it's in the twice.  Once by name and once by IP:


    There are events being captured:


    I'm using rsyslog on the other devices I'm trying to have log to Astaro if it matters.  I was reading in the help file for it that it uses a double @ but I've tried it both ways and I get nothing either way.  Should I be able to telnet to 10101 and get some type of response?
    If there is any other info I can provide I would be happy to do so.  Thanks!!
    logfiles_20110404081714.zip
Children
No Data
Cookie Information Banner