Hi,
New install on CentOS 7.5, did redirect to port 1514
REDIRECT tcp – anywhere anywhere tcp dpt:shell redir ports 1514
REDIRECT udp – anywhere anywhere udp dpt:syslog redir ports 1514
tcpdump shows traffic:
tcpdump -i em1 -v port 514
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
09:48:46.394623 IP6 (hlim 64, next-header TCP (6) payload length: 233) 2606:4100:38a0:242:d267:e5ff:feec:de35.59320 > zeke.sr.unh.edu.shell: Flags [P.], cksum 0xec25 (correct), seq 1232935553:1232935766, ack 2477132521, win 14400, length 213
09:48:46.394681 IP6 (hlim 64, next-header TCP (6) payload length: 20) zeke.sr.unh.edu.shell > 2606:4100:38a0:242:d267:e5ff:feec:de35.59320: Flags [.], cksum 0xd9b5 (incorrect -> 0xeafa), ack 213, win 65056, length 0
09:48:46.485803 IP6 (flowlabel 0x5d7a6, hlim 63, next-header TCP (6) payload length: 182) 2606:4100:38a0:243:d6ae:52ff:fe8b:e78b.46076 > zeke.sr.unh.edu.shell: Flags [P.], cksum 0x6a8e (correct), seq 2000213351:2000213501, ack 1096383653, win 225, options [nop,nop,TS val 756930448 ecr 834729], length 150
09:48:46.485867 IP6 (hlim 64, next-header TCP (6) payload length: 32) zeke.sr.unh.edu.shell > 2606:4100:38a0:243:d6ae:52ff:fe8b:e78b.46076: Flags [.], cksum 0x53fe (incorrect -> 0xa3f7), ack 150, win 133, options [nop,nop,TS val 964729 ecr 756930448], length 0
Added two inputs, syslog TCP and UDP; both are running, but neither shows any messages.
Tried binding to 127.0.0.1, ::1, and the host's IPv4 address and IPv6 address.
remote-host Syslog UDP RUNNING
On node 5f217766 / zeke.sr.unh.edu
allow_override_date: true
bind_address: 132.177.242.40
expand_structured_data: true
force_rdns: false
override_source: <empty>
port: 1514
recv_buffer_size: 262144
store_full_message: true
Throughput / Metrics
1 minute average rate: 0 msg/s
Network IO: 0B 0B (total: 0B 0B )
Empty messages discarded: 0
remote-host Syslog TCP RUNNING
On node 5f217766 / zeke.sr.unh.edu
allow_override_date: true
bind_address: 132.177.242.40
expand_structured_data: false
force_rdns: false
max_message_size: 2097152
override_source: <empty>
port: 1514
recv_buffer_size: 1048576
store_full_message: false
tcp_keepalive: false
tls_cert_file: <empty>
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: false
tls_key_file: admin
tls_key_password: <empty>
use_null_delimiter: false
So which log should I be looking at to find out why this is not working?
Mark
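An added diagnostic, not from the original post and not part of Graylog: a small Python script that cross-checks the tcpdump lines quoted above against the input's bind_address and the REDIRECT rules. The capture shows the syslog connections arriving over IPv6 (`IP6 ... > zeke.sr.unh.edu.shell`), while both REDIRECT rules are plain iptables rules, which only ever see IPv4, and the input is bound to the IPv4 address 132.177.242.40. The script makes that family mismatch explicit and also flags a loopback bind, since REDIRECT rewrites the destination to the primary address of the incoming interface, never to 127.0.0.1 or ::1. Assumptions: the ip6tables nat table is empty (the post lists only iptables rules), and the service names "shell" and "syslog" are tcpdump's names for 514/tcp and 514/udp.

```python
"""Explain why a syslog input on a REDIRECTed port stays idle by comparing
tcpdump address families, the input's bind_address and the nat rules."""
import ipaddress
import re
from collections import Counter

# Quoted from the post: tcpdump output on port 514 (two inbound PSH segments
# to zeke...shell, two outbound ACKs back to the senders), all over IPv6.
SAMPLE_TCPDUMP = """\
09:48:46.394623 IP6 (hlim 64, next-header TCP (6) payload length: 233) 2606:4100:38a0:242:d267:e5ff:feec:de35.59320 > zeke.sr.unh.edu.shell: Flags [P.], cksum 0xec25 (correct), seq 1232935553:1232935766, ack 2477132521, win 14400, length 213
09:48:46.394681 IP6 (hlim 64, next-header TCP (6) payload length: 20) zeke.sr.unh.edu.shell > 2606:4100:38a0:242:d267:e5ff:feec:de35.59320: Flags [.], cksum 0xd9b5 (incorrect -> 0xeafa), ack 213, win 65056, length 0
09:48:46.485803 IP6 (flowlabel 0x5d7a6, hlim 63, next-header TCP (6) payload length: 182) 2606:4100:38a0:243:d6ae:52ff:fe8b:e78b.46076 > zeke.sr.unh.edu.shell: Flags [P.], cksum 0x6a8e (correct), seq 2000213351:2000213501, ack 1096383653, win 225, options [nop,nop,TS val 756930448 ecr 834729], length 150
09:48:46.485867 IP6 (hlim 64, next-header TCP (6) payload length: 32) zeke.sr.unh.edu.shell > 2606:4100:38a0:243:d6ae:52ff:fe8b:e78b.46076: Flags [.], cksum 0x53fe (incorrect -> 0xa3f7), ack 150, win 133, options [nop,nop,TS val 964729 ecr 756930448], length 0
"""

# From the post: the input's bind_address and the two iptables REDIRECT rules.
# Assumption: no ip6tables nat rules exist (the post shows none).
BIND_ADDRESS = "132.177.242.40"
IPTABLES_REDIRECT_RULES = [
    "REDIRECT tcp -- anywhere anywhere tcp dpt:shell redir ports 1514",
    "REDIRECT udp -- anywhere anywhere udp dpt:syslog redir ports 1514",
]
IP6TABLES_REDIRECT_RULES = []

# tcpdump prints 514/tcp as "shell" and 514/udp as "syslog"; "514" covers -n output.
SYSLOG_PORTS = {"shell", "syslog", "514"}
FAMILY_RE = re.compile(r"^\S+ (IP6|IP) ")          # timestamp, then IP or IP6
FLOW_RE = re.compile(r"(?P<src>\S+) > (?P<dst>\S+): ")  # "src.port > dst.port:"


def classify_flows(tcpdump_text):
    """Count packets addressed to the syslog port, split by IP family."""
    counts = Counter({"IPv4": 0, "IPv6": 0})
    for line in tcpdump_text.splitlines():
        fam = FAMILY_RE.match(line)
        flow = FLOW_RE.search(line)
        if not fam or not flow:
            continue
        # tcpdump appends the port (or service name) after the last dot.
        port = flow.group("dst").rsplit(".", 1)[-1]
        if port in SYSLOG_PORTS:
            counts["IPv6" if fam.group(1) == "IP6" else "IPv4"] += 1
    return dict(counts)


def diagnose(flows, bind_address, v4_rules, v6_rules):
    """Return the reasons an input can stay idle although packets arrive."""
    findings = []
    bind = ipaddress.ip_address(bind_address)
    if flows.get("IPv6"):
        if not v6_rules:
            findings.append("IPv6 syslog traffic reaches port 514, but iptables "
                            "REDIRECT rules only apply to IPv4; an equivalent "
                            "ip6tables rule is missing")
        if bind.version == 4:
            findings.append(f"IPv6 syslog traffic reaches the host, but the input "
                            f"is bound to the IPv4 address {bind}; bind to :: or "
                            f"the host's IPv6 address to receive it")
    if flows.get("IPv4"):
        if not v4_rules:
            findings.append("IPv4 syslog traffic reaches port 514, but no iptables "
                            "REDIRECT rule covers it")
        if bind.version == 6 and not bind.is_unspecified:
            findings.append(f"IPv4 syslog traffic reaches the host, but the input "
                            f"is bound to the IPv6 address {bind}")
    if bind.is_loopback and (flows.get("IPv4") or flows.get("IPv6")):
        findings.append("REDIRECT rewrites the destination to the primary address "
                        "of the incoming interface, not to loopback, so an input "
                        "bound to 127.0.0.1 or ::1 never sees redirected packets")
    return findings


if __name__ == "__main__":
    flows = classify_flows(SAMPLE_TCPDUMP)
    print("packets to syslog port by family:", flows)
    for finding in diagnose(flows, BIND_ADDRESS,
                            IPTABLES_REDIRECT_RULES, IP6TABLES_REDIRECT_RULES):
        print("-", finding)
```

To run it against a live host, replace SAMPLE_TCPDUMP with the output of `tcpdump -i em1 -v port 514` and the two rule lists with the REDIRECT lines from `iptables -t nat -S PREROUTING` and `ip6tables -t nat -S PREROUTING`. With the values from the post it reports two findings: the missing ip6tables rule and the IPv4-only bind address.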