Re: syslogd lsitening on per default

On Jan 31, 2008 6:18 AM, morla <morla@cracksucht.de> wrote:
> hi again....
>
> even if there wanst much of a response, im back to report what i found....
> maybe this will help anyone else who has a spelling problem and searches
> on the interwebs for an explanation. :P
>
> if you configure syslogd to log to a remote syslogserver, it will bind
> to port 514/UDP, even if it doesn't get the -r option passed.
>
> i find this really confusing... why would syslogd need to listen on any
> interface just to send data to a remote server???
> makes no sense for me at all...
>
> if anybody has an idea or knows why syslogd behaves like that, it would
> be very interesting to hear about it on the list... (imo).

"use the [source] luke"

$> apt-get source sysklogd
 syslogd.c:
  210: The default behavior has changed for security reasons. The syslogd will not receive any remote message unless you turn reception on with the "-r" option.
  ...
  2431: if (Forwarding || AcceptRemote) { ... create_inet_socket()...

What I understand from this is:
The socket is created and ready for sending messages to a remote syslog server, but without -r it will not receive any messages.

Correct me if I'm wrong.

Regards,

-- 
----)(-----
Luis Mondesi
Maestro Debiano

----- START ENCRYPTED BLOCK (Triple-ROT13) ------
Gur Hohagh [Yvahk] qvfgevohgvba oevatf gur fcvevg bs Hohagh gb gur
fbsgjner jbeyq.
----- END ENCRYPTED BLOCK (Triple-ROT13) ------


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org