SUMMARY: syslogd and Network Terminal Server

From: Jeff Victor (victoj@hopper.Sage.EDU)
Date: Sat Oct 29 1994 - 05:06:10 CDT

Hi Folks,

Sorry this took so long to summarize, but only this morning did all the
pieces fit together. Unfortunately for us, the answer is
"it's not possible to do what we wanted". But for those of you interested
in syslogging, here's what happended:

I had wanted to set up our NTS (Network Terminal Server) to send syslog
messages to a host on its subnet. There *is* only one host on the subnet,
which is our firewall (the NTS serves the modem pool). That host has some
characteristics which prevent it from being usable as the NTS syslog host:

* It has multiple network interfaces
* The NTS is not on the subnet attached to /dev/le0
* IP_FORWARDING has been disabled (it *is* the firewall)

The problem was: syslog messages provided by the NTS were not logged at all
by the firewall. I was able to use snoop to determine that syslog messages
were being correctly produced by the NTS.

By the way, a few people responded with "set the NTS parameter syslog_port
to the port which syslogd uses, i.e. 514." Actually, that parameter refers to
a serial port on the NTS, not a network port. It means "send syslog messages
*out* through this port", and can be used, for example, to print syslog
messages. It is not possible to tell the NTS to use a non-standard
destination port for syslog messages.

To make a very long story short, the cause of the problem is that syslogd
is hard-coded to *only* listen to /dev/le0. This was verified by Sun's
software engineers. You can change the port number, but you can't tell
it to listen to another device, or to all devices.

I filed a Request For Enhancement with Sun, hoping that they'll add a way
to specify a particular network interface, perhaps "syslogd -i /dev/le2".

Until then, I'll have to find another way to accomplish this logging.

BTW, config=Solaris 2.3, NTS software revision 7.0.

Thanks to the following for insight:

