Re: [SLUG] hosts.allow vs. syslogd vs. router

From: Eben King (eben1@tampabay.rr.com)
Date: Wed Oct 08 2003 - 21:48:42 EDT


On Wed, 8 Oct 2003, Andrew M. Hoerter wrote:

> So, if you're seeing nothing, either the device isn't sending out any
> syslog packets, or it's failing to ARP for the IP address of the syslog
> server. If you run tcpdump again without the "port syslog" bit, you'll
> see all traffic on that interface, including any possible ARP requests
> that are failing.

I ran 'tcpdump -i eth0 -l | grep -i "arp "', and got a lot of ARP
requests a few seconds after I restarted the router. It's ARPing many
machines in *.tampabay.rr.com, as well as in other ISPs, and my machine,
and others on my subnet. Mine succeeded, so I'm partial to the "no syslog
packets" hypothesis.

> The only other possibilities I can think of are packet filter settings
> on the device preventing the syslog data from leaving,

Hm, couldn't find one, but maybe USR tech support has an idea. I've
contacted them; I'll see what they say.

> some kind of bizarre switch problem isolating the syslog server from the
> device.

No, the syslog server is plugged directly into the router (4*10/100 +
802.11g).

> But if you can telnet/ping/etc. from one to the other,

Yup. At least syslog server -> router; can't log into the router, as it's
not running anything as flexible as IOS... strictly web-based
configuration. :-(

> it's probably just a problem with the device itself. (perhaps you
> already mentioned whether that works, I don't recall)

Other than logging, the device works fine.

> > When I hit ^C, tcpdump prints
> >
> > <number> packets received by filter
> >
> > That's <number> on all ports, yes?
>
> Actually, it depends on the platform running tcpdump. Sometimes it's
> the total number of packets received by tcpdump on that interface,
> sometimes it's only those packets that matched the filter expression.

Then it would report "0 packets received" for syslog, yes?

-- 
-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm    home.tampabay.rr.com/hactar

Every normal man must be tempted at times to spit upon his hands, hoist the black flag, and begin slitting throats. -- H.L. Mencken
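
The two hypotheses weighed in this message and the quoted reply (ARP for the syslog server failing, versus the device sending no syslog packets) can be checked mechanically against a capture. The following is an added example, not part of the original post. It assumes the text format of modern `tcpdump -n` output, and the addresses, MAC and function name are constructed for illustration.

```python
import re

# Assumed line shapes: modern `tcpdump -n` text output (not the 2003-era format).
ARP_REQ = re.compile(r"ARP, Request who-has (\S+) tell (\S+),")
ARP_REP = re.compile(r"ARP, Reply (\S+) is-at (\S+),")
UDP_514 = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.514:")

def diagnose(lines, device_ip, server_ip):
    """Classify a capture taken on the syslog server's own interface."""
    asked = answered = False
    syslog_pkts = 0
    for line in lines:
        if m := ARP_REQ.search(line):
            # Only the device's request for the syslog server matters here.
            if m.group(1) == server_ip and m.group(2) == device_ip:
                asked = True
        elif m := ARP_REP.search(line):
            if asked and m.group(1) == server_ip:
                answered = True
        elif m := UDP_514.search(line):
            if m.group(1) == device_ip and m.group(2) == server_ip:
                syslog_pkts += 1
    if syslog_pkts:
        return "SYSLOG_SEEN"      # packets reach the wire; look at the receiver
    if asked and not answered:
        return "ARP_FAILING"      # device cannot resolve the server's MAC
    if answered:
        return "NO_SYSLOG_SENT"   # ARP worked, device emits no syslog
    return "NO_ATTEMPT"           # device never asked for the server at all

# Constructed sample: the device ARPs for several hosts, the server answers,
# and no UDP/514 traffic follows (the situation described in the message).
SAMPLE = """\
21:50:01.000100 ARP, Request who-has 192.168.1.77 tell 192.168.1.1, length 46
21:50:01.000200 ARP, Request who-has 192.168.1.10 tell 192.168.1.1, length 46
21:50:01.000300 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:55, length 28
""".splitlines()

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.1.1", "192.168.1.10"))
```

Capture with a filter such as `arp or udp port 514` so the other traffic on the interface does not bury the lines of interest.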
