Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
Anonymous_User Absent Member.
Absent Member.
537 views

SLM - syslog over udp on port 514


how to configure SLM to listen for 'syslog over udp' traffic on port 514
?

I have configured the Cisco Router to send its logs to SLM, but SLM is
listening for syslog traffic on port 1514, while cisco sends syslog
messages to syslog server(SLM in this case) on syslog's default
port(514).

Regards,
Muhammad Sharfuddin


--
sharfuddin
------------------------------------------------------------------------
sharfuddin's Profile: http://forums.novell.com/member.php?userid=63087
View this thread: http://forums.novell.com/showthread.php?t=454128

0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: SLM - syslog over udp on port 514

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You cannot tell Log Manager to listen directly on port 514 because it is
lower than 1024 and non-root services cannot bind low ports. Instead
the recommendation (as mentioned I believe in the connector
documentation, if not the Log Manager documentation) is to setup the
host's firewall to forward data from 514 to 1514 where Log Manager is
listening. This happens by default on the appliance installs of Log
Manager as well as Sentinel 7.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPdf0CAAoJEF+XTK08PnB5+4QP/2X/wLtWDXhRzPhru4/WNcZd
88u/JjQtblmKAQikyvbCErPEVgQiSKAWWmqiAdnSAtgHoHS7S7wvqEX/p2bT4o3V
8Ipx3fll9XJor/bDWIcTbt3SFGUNA4nBLdtnhetJLD5sMPZ3IzCKZYcdlpwd9RQ7
gl9sB5hP3PUkrWEzyO6BUvZEDVw5MHAWn545sx62qwX4uWDRFMb7kh6Ojfkk+uRb
2+IM1+W/pHofSmD4yVNjQlgqsh5ztOVUMnmFY3raiVSye6QP4WHWzzzNNOwWAQKg
SWRPEXsBIGEkEl3/o6LBPAdkn7tpc+Tu3VR8e3QWV6U6n0Mkpfl07r8RzD1ugsGW
TxFADPPymh3chzeazr4tYGwxhcVXjntFyTfWlA9YprSLajpoPwT83HDptwWifyPM
dwR7DUQvXsx9nyZPcAzozPNccnhFXIfGZEl7duFst32vW9zWi6iv4colnR6t/Fgp
0AcuOjLhoKw9PXKwS7QCgnNpBZgvSiYncahpDTIQAtYBQltcGaaeErZJVc3dMQGI
EyahFuSLw55MN/9fVGzi6vIFrySEig3sj5yavAjKfEDY0EmMe27TeoqO2r4LWQwb
q6i+pHtLIh4wEuFX8J1h5V5hrc3LFhI2qNjCR+wx61/T61hYaWc356EDsrPa79e4
Du10GOobviTupUIY3NYM
=NV2b
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SLM - syslog over udp on port 514


ab;2186479 Wrote:
>
> You cannot tell Log Manager to listen directly on port 514 because it
> is
> lower than 1024 and non-root services cannot bind low ports.
>

thats exactly the reason why I asked this question

ab;2186479 Wrote:
>
> Instead the recommendation (as mentioned I believe in the connector
> documentation, if not the Log Manager documentation) is to setup the
> host's firewall to forward data from 514 to 1514 where Log Manager is
> listening. This happens by default on the appliance installs of Log
> Manager as well as Sentinel 7.
>

thanks a lot.. yes its discussed with appropriate iptable rule in
Syslog(connector) documentation
>
> ::C PORT FORWARDING::
> *Linux*
> To receive Syslog messages sent to a port less than 1024, run the
> Syslog Event Source Server on a port greater than 1024 and use port
> forwarding. You must run the following command as root:
> iptables -A PREROUTING -t nat -p <protocol> --dport <incoming port> -j
> DNAT --to-destination <IP>:<reroute port>
>
> For example, to forward packets arriving on port 514 to the Syslog
> Event Source Server running on the local machine's port 5514 (where
> 10.0.0.1 is the local machine’s IP address), run the following command:
>
> iptables -A PREROUTING -t nat -p udp --dport 514 -j DNAT
> --to-destination 10.0.0.1:5514
>
> To set up port forwarding for SLES 9 or SLES 10:
> 1. Append the command above to /etc/init.d/boot.local so it is executed
> as root. It should be near the end of the bootup process so that the
> above command runs each time the machine starts.
>


Once again .. Thanks a lot

Regards
Muhammad Sharfuddin


--
sharfuddin
------------------------------------------------------------------------
sharfuddin's Profile: http://forums.novell.com/member.php?userid=63087
View this thread: http://forums.novell.com/showthread.php?t=454128

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.