Re: syslogd lsitening on per default

hey!

i did that yesterday :), *after* my post to the list.... :\ , should have done it before.
the AcceptRemote flag gets set only if the -r option gets passed...

i still see no reason why it should bind() to the port... have you got any idea why this
like it is???

any way, i dont have much time atm, maybe ill have a peek later or at the weekend....

thank you for your investigations :)

kind regards
-morla

Luis Mondesi wrote:
> On Jan 31, 2008 6:18 AM, morla <morla@cracksucht.de> wrote:
>
>> hi again....
>>
>> even if there wanst much of a response, im back to report what i found....
>> maybe this will help anyone else who has a spelling problem and searches
>> on the interwebs for an explanation. :P
>>
>> if you configure syslogd to log to a remote syslogserver, it will bind
>> to port 514/UDP, even if it doesn't get the -r option passed.
>>
>> i find this really confusing... why would syslogd need to listen on any
>> interface just to send data to a remote server???
>> makes no sense for me at all...
>>
>> if anybody has an idea or knows why syslogd behaves like that, it would
>> be very interesting to hear about it on the list... (imo).
>>
>
> "use the [source] luke"
>
> $> apt-get source sysklogd
> syslogd.c:
> 210: The default behavior has changed for security reasons. The
> syslogd will not receive any remote message unless you turn reception
> on with the "-r" option.
> ...
> 2431: if (Forwarding || AcceptRemote) { ... create_inet_socket()...
>
> What I understand from this is:
> The socket is created and ready for sending messages to a remote
> syslog server, but without -r it will not receive any messages.
>
> Correct me if I'm wrong.
>
> Regards,
>
>

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org