
BLU Discuss list archive



[Discuss] Help with destination of syslog messages?



I have a test environment consisting of Win 2008 R2 Server and Windows
XP w/SP3, both running the latest Snare Agent for Windows, along with
RHEL 5.6 and RHEL 6.2 servers, all within a VM environment.

I am testing Linux as a central logging option.   Snare Agent (free
version) uses UDP, so it is a natural option for standard syslog on
Linux.

I am tailing /var/log/messages and only see host-only traffic, but
another terminal window running tcpdump (or tcpdump -X port 514) DOES
show incoming traffic from the clients.   My question is where the
heck is that data going?   There are NO error messages on whichever
Linux box I designate as the server (if I were to switch between 5.6
and 6.2).

Traffic is coming in, but I'd love to know where, if anywhere, it is
being written.

Or, is there another step I need to learn to capture the data to a file?

An ls -ltr /var/log doesn't show anything helpful, either.

Thanks for any insights.

Scott
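One common reason for exactly this symptom (packets visible in tcpdump, nothing in /var/log/messages) is that the syslog daemon never opened UDP 514 at all. The fragment below is an added example, not part of the original post: it assumes the stock rsyslog 5 shipped with RHEL 6.2, and the per-host path under /var/log/remote is a constructed choice (on RHEL 5.6, which ships sysklogd rather than rsyslog, the equivalent is adding -r to SYSLOGD_OPTIONS in /etc/sysconfig/syslog).

```conf
# Added example for /etc/rsyslog.conf on the RHEL 6.2 box (assumes rsyslog 5.x).
# The Snare agents send plain syslog over UDP to port 514.

# Load the UDP input module and listen on 514.
# Both lines are present but commented out in the stock RHEL 6 file,
# so by default rsyslog only reads the local /dev/log socket.
$ModLoad imudp
$UDPServerRun 514

# Let rsyslog create /var/log/remote/ on first write.
$CreateDirs on

# Write messages from any non-local source to one file per sending host
# (%HOSTNAME% is whatever the agent put in the syslog header),
# then discard them so they are not duplicated into /var/log/messages.
$template RemoteHost,"/var/log/remote/%HOSTNAME%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteHost
& ~

# Local rules (e.g. *.info;mail.none;authpriv.none;cron.none /var/log/messages)
# follow below as in the stock file.
```

After `service rsyslog restart`, `netstat -ulnp | grep 514` should show rsyslogd bound to the port; if it does and files still do not appear, check iptables, since tcpdump captures packets on the interface before the INPUT chain can drop them.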


