- Question about syslog over ssh
February 18, 2005, 5:36 pm
I would like to apologize because I am a junior and my question can
look silly to some of you.
I am currently trying to centralize all the logs of the various
unix/linux machines. The problem is we have various subnets which can
only communicate via SSH.
As an example only one host from the DMZ is allowed to connect via ssh
to one host in the INTERN subnet.
I tried first to tunnel syslog via ssh from a DMZ host to an INTERN
logging server host.
On the INTERN syslog server:
    nc -l -p 9999 | nc localhost -u syslog
    ssh -g -R 9999:localhost:9999 user@dmzhost
On the DMZ host:
    nc -l -u -p syslog | nc localhost 9999
It worked fine except that in the syslog entry the host name is
localhost.localdomain. The way I understand it the INTERN syslog server
acts as if it was receiving the log messages from the loopback
interface (127.0.0.1). Is this right? Do any of you have an idea
how I could set the whole thing up to log the actual hostname
(dmzhost) in the log entries?
If that matters the Linux distributions are RedHat 9 on one side and
Fedora Core 1.
Thanks in advance for any tip.
- all mail refused
February 18, 2005, 10:16 pm
Re: Question about syslog over ssh
You can re-write the message to contain the originating hostname
before transmitting it. Then the syslogd that collects it from
localhost will not change that value.
The format of syslog messages is explained here.
I'd be inclined to pick from these options:
- look for a replacement syslog program that does this
- modify the existing syslog program
- read /dev/log, edit the data, transmit by SSH all in Perl
using modules from CPAN
What I currently do is have DMZ hosts write logs to local files
that I grab from time to time.
Elvis Notargiacomo master AT barefaced DOT cheek
Elections must be close. Simon Hughes MP (LibDem) (well, an assistant)
has replied to my letter from 9 months ago.
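
The rewrite suggested in the reply above, sketched in Python as an added example (not code from either poster): it would take the place of the DMZ-side nc pipe, stamping each UDP datagram with the sending host's name and writing it as one line into the forwarded port 9999 from the thread. The names stamp_hostname and relay, the 127.0.0.1:514 listener and the TAG heuristic are assumptions made for illustration.

```python
import re
import socket
import time

# RFC 3164 line layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text
PRI_RE = re.compile(rb"^<(\d{1,3})>")
TS_RE = re.compile(rb"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,254}")

def _is_tag(token):
    # Heuristic (assumption): a TAG looks like "sshd[123]:" or "kernel:".
    return token.endswith(b":") or b"[" in token

def stamp_hostname(datagram, hostname, now=None):
    """Return one newline-terminated line with `hostname` as the HOSTNAME field."""
    if not HOST_RE.fullmatch(hostname):
        raise ValueError("hostname must be a plain DNS name")
    # Control characters become spaces, so a message cannot smuggle in a
    # second log line once datagrams are flattened into a TCP stream.
    body = re.sub(rb"[\x00-\x1f\x7f]", b" ", datagram).strip()
    pri = b"<13>"                         # RFC 3164 default (user.notice)
    m = PRI_RE.match(body)
    if m and int(m.group(1)) <= 191:
        pri, body = m.group(0), body[m.end():]
    m = TS_RE.match(body)
    if m:
        stamp, body = m.group(0), body[m.end():]
    else:                                 # no timestamp: use the relay's clock
        t = time.localtime(now)
        stamp = (time.strftime("%b ", t) + "%2d" % t.tm_mday
                 + time.strftime(" %H:%M:%S ", t)).encode()
    tokens = body.split(b" ", 2)
    if len(tokens) >= 2 and not _is_tag(tokens[0]) and _is_tag(tokens[1]):
        body = b" ".join(tokens[1:])      # drop the sender-claimed HOSTNAME
    return pri + stamp + hostname.encode() + b" " + body + b"\n"

def relay(hostname, listen=("127.0.0.1", 514), tunnel=("127.0.0.1", 9999)):
    """Read UDP syslog datagrams, stamp them, write lines into the SSH forward."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(listen)
    with socket.create_connection(tunnel) as tcp:
        while True:
            data, _ = udp.recvfrom(8192)
            tcp.sendall(stamp_hostname(data, hostname))

if __name__ == "__main__":
    relay(socket.gethostname())
```

Binding UDP port 514 needs root; with this relay the name in each entry is whatever the DMZ side writes, so the collector is trusting the tunnel endpoint for it.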