I found the answer, in the Report Settings on the NetScreen firewall, I had the syslog reporting going to LOCAL0 instead of LOCAL7. When I changed it to LOCAL7, the file I specified started receiving the messages.
Thanks for the input on getting syslog up and running correctly. -----Original Message----- From: Joel Roberts [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 06, 2007 10:39 AM To: Douglas A. Tutty; debian-user@lists.debian.org Subject: RE: Syslog Server on Debian Etch Syslog was working fine on the clients, I had it installed to a diff linux server and was trying to move it over. The issue was the location of the sysklogd file. The walkthough I found told me to modify the /etc/init.d/sysklogd file, when it should have been the /etc/default/syslogd file. The syslog service is now running, listening on the correct port, and receiving messages from the Juniper firewall, but it's going to the /var/log/syslog file instead of the file I've indicated for the filename, /mnt/hdb1/syslog/logfilename.log Is anyone else monitoring Juniper Netscreen firewalls? Is there something other than local7.debug I should be using to send it to the logfile I want? Thanks. -----Original Message----- From: Douglas A. Tutty [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 06, 2007 8:17 AM To: debian-user@lists.debian.org Subject: Re: Syslog Server on Debian Etch On Tue, Nov 06, 2007 at 08:05:39AM -0700, Joel Roberts wrote: > I'm trying to configure a syslog server on Debian Etch, but so far the > only walkthrough I've found is for Debian Sarge. The walkthrough says to > modify the /etc/init.d/sysklogd file at the line that says: SYSLOGD="" > and change it to SYSLOGD="-r -m0" > > There is no such line in the sysklogd file. I added it, but it doesn't > seem to be logging. Have stopped and restarted the service, rebooted the > server and still my log file is at 0 bytes. > > In the /etc/syslog.conf, I added the line: > > Local7.debug /mnt/hdb1/syslog/logfilename.log > > And it did automatically create the file, but nothing's going into it > from either the Netscreen firewall or the test Windows server. And I > don't see anything listening on port 514 with a netstat. > > Anyone know a way to jumpstart it to get it running? Thanks in advance. > On the sending machine, you put something like: *.* @logger.my.domain On the receiving hosts, syslogd needs the -r parameter. This is placed in /etc/default/syslogd You'll also have to open the appropriate port in any firewall (both on the reciving and sending boxes). Then I'd reboot all systems; the logger server first, followed by the logger clients. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
