Security :: Configure Shorewall To Allow Syslog Messages From Router?
Jan 29, 2011
I have my system set up to where the router (dd-wrt) will send its syslog messages to my Linux PC system. I am using Shorewall as my firewall. I have two questions: How can I configure Shorewall to allow the messages from my router? If I use my router IP address to allow the messages to come through the firewall, will this be a great security risk, as anything from the internet can come through on that router IP address?
On this Ubuntu 8.04.4 LTS server, I want to log the messages from a Linksys router. So I made this change to "/etc/init.d/sysklogd":
SYSLOGD="-r"
Then in "/etc/syslog.conf" I added the following to the top of the file:
Code:
if $fromhost isequal 'Linksys' then /var/log/Linksys.log
& ~
Then I rebooted the server. But there is no "/var/log/Linksys.log" file.
Is it possible to configure the RHEL 5.5 syslog to accept SNMP traps? That is, I want to use a central logging server to pick up other systems' syslogs, and SNMP messages from systems that cannot use remote syslog functions.
I've got a Shorewall (Shoreline?) firewall up and running, but it's logging to /var/log/messages. I'd much rather have it logging to another location e.g. /var/log/firewall but can't find (a clear enough) explanation on how to do this. Apparently, it varies greatly depending on the distro, the kernel, and the version of Shorewall that is running. You'd think it would be something as simple as setting a path in a config file, but apparently not. I'm running a stock Lenny kernel on the firewall machine. It comes with version 4.0.15 of Shorewall.
I wrote a script which will run on an Ubuntu box and will display on tty1, without loading gdm. The problem is that when I plug in a USB drive, it causes some messages to be printed to the current tty the user is logged in on.
Like: [sdb] Assuming drive cache: write through
This is really disturbing when a user is running the script. Is there any way that I can direct all the messages to some other tty which I don't use?
I want to read the log messages in my C application. I am using the Fedora Core 8 operating system. How do I read the system log messages (syslog) through my application?
I would expect this behavior if "domain.com and anotherdomain.com" wasn't a domain that I hosted. But this is a valid domain that this server should be answering for. In my named.conf I do have the
Quote:
allow-query { any; };
option on every zone. This is my slave server and I have the primary shut off so I can test this slave server. FYI: So far queries still seem to be working. The pages for the sites are still coming up via the internet.
I am facing an issue with my syslog server. The server is collecting remote logs also, and the issue is that no log messages are updated in the /var/log/messages file. But other files are getting updated.
[root@Server1 ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
I am facing a problem while trying to log SSH messages in a separate file, say, /var/log/ssh_logs. I have tried modifying the syslog-ng.conf file as follows:
RHEL 5.4. I want to be able to do redistribution of inbound syslog messages to syslogd. As an example, my syslog.conf has in it at the end:
*.* @192.168.5.5
*.* @192.168.5.6
My sysconfig/syslog file has "-r" as the only option for syslogd. Any messages generated by the localhost will be sent to the two remote servers, but messages that come into this box (UDP 514) only get logged locally and do not get sent out to the remote hosts.
You may ask why I want to do this. Because I have several syslog servers (for security purposes) and many of my net devices are configured to send syslog to all the syslog servers, hence each device is sending way too much duplicate UDP 514. So I would like to minimize the UDP 514 coming out of the devices, have all devices send to a central syslog server, and then have the central syslog server do distribution to the other syslog servers. Others have also called this "syslog proxy". Or, if not with syslogd, how can I achieve this (preserving the original syslog message host info, etc.)?
- I have wireless and don't normally use an ethernet cable. From Googling round I found this bug report https://bugs.launchpad.net/ubuntu/+s...ux/+bug/270184 which appears to match the problem, however I do not feel happy/competent enough to recompile the driver as suggested in the bug fix. Is there a way to configure the driver so that it only tries the eth0 connection a limited number of times? This is Ubuntu 8.04 2.4.26-27 and SIS 191 chipset
I've just configured my Linksys RVS-4000 router to syslog messages to remote syslogd server (i.e. my CentOS5 machine). Redirecting messages was easy, but now I'm having difficulties to redirect those same messages received from Linksys to a separate log file. By default, all these messages are logged to /var/log/messages, and after browsing manual pages for syslog, syslog.conf, and syslogd, came to suspect that what I want isn't possible.
What I'm trying to accomplish seems rather silly but is needed for my little project here.
I'm using OpenSuSE 11.2 as a media center PC and need it to log in automatically (console, not X). That one I accomplished without problems.
However, after login I can see all the info about the services that were started, and that needs to "go away".
One could do a "clear" in the .bash_rc and/or .bash_profile, but it will still show the login prompt, which I don't want to see either (I don't even want to see the blinking cursor).
Question: How do I accomplish that so that the login console shows only the "splash screen" without any output of the kernel, rc.status or the "issue-file"... just a plain blank screen?
I need to be able to send SNMP traps based on certain severity or content of syslog messages. Can this be done from standard Linux? Alternatively, are there MIBs out there that support syslog events so I can get the status from SNMP?
GNOME has adopted the pulseaudio infrastructure and it has grave errors reading from ALSA sinks. One of the many effects is that every 2 or 3 seconds a 3 line error message is written to the syslog to the effect of 'ALSA woke us up...blah blah blah' and it is filling up everyone's syslog. What I need is a workaround to just stop these messages from being written so I can level set and figure out a long term course of action.
I got Shorewall firewall all Set-up perfect but I'm stuck at 1 last bit. The aim is to let on 2 clients max onto my server. I have the policy setup in webmin as. More than 2 clients can get onto the server. The aim is to have it as a ddos protection allowing 100 clients on and a max burst of 10 clients at a time.
I'm running a cobalt raq550 web server (Linux version 2.6) and I want to install a syslog program on it, something that could log messages and send me an instant email in response to certain messages it receives. Is there such a program?
I have the Shorewall firewall running on Ubuntu 10.10 server and the issue I am having is the firewall is blocking traffic from my transmission-daemon even though I have allowed it in the /etc/shorewall/rules.
As you can see, Shorewall is rejecting packets with source and destination port 51413 on incoming net2fw and outgoing fw2net even though the rules are set to accept.
More than 7 G bytes were logged to the messages file in the last three weeks. I got this message in /var/log/messages. I want to stop this messaging because it takes too much space.
I wish to prevent the samba messages (mainly nmbd and winbindd) from appearing in the system log (/var/log/messages). I want to allow samba logging to the standard samba logfiles, but prevent the syslog getting clogged up by samba. I added syslog = 0 to smb.conf and reloaded the config but the messages were still appearing. I also tried the following (and restarted the syslog via /sbin/service syslog restart):
# Suppress messages from samba.
For interest's sake, the messages I'm getting are below (I'm not concerned about the messages themselves, I can chase them up at my leisure via the samba logs):
Mar 18 09:58:29 SERVER nmbd[3808]: query_name_response: Multiple (2) responses received for a query on subnet xx.yy.z.zz for name DOMAIN<1d>.
Mar 18 09:58:29 SERVER nmbd[3808]: This response was from IP xx.yy.z.zz, reporting an IP address of xx.yy.z.zz.
I have a syslog server which is logging locally and also receiving syslogs from another device. The other device doesn't allow you to change the facility. The facility it is using is "4 - security/authorization messages". Is there any way to configure syslog so that it writes the sec/auth logs in different places for both the local machine and the remote machine?
CentOS 5.6 Server patched to latest, multiple name-based apache virtual hosts. SELinux OFF. Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch:
Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...
The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.
I was just looking around and did a tail on my syslog and some strange entries came up:
[Code].....
I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?
In order to mitigate risks linked to the use of the classic syslog protocol (spoof, replay, tampering, lost messages...) I am looking for a product implementing the syslog-sign capability: [URL] which is still a draft in the IETF for the moment. On NetBSD, the syslog daemon is able to run this feature: [URL]. Has anybody tried this feature on a Linux system?