I remember asking how to stop syslogd opening udp port 514 a while ago
and never doing anything about it, here goes again...

hopefully a relevant part of /etc/rc:

    echo 'starting system logger'
    rm -f /dev/log
    if [ "X${named_flags}" != X"NO" ]; then
            rm -f /var/named/dev/log
            syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
    fi
    if [ -d /var/empty ]; then
            rm -f /var/empty/dev/log
            mkdir -p -m 0555 /var/empty/dev
            syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
    fi
    syslogd ${syslogd_flags}
    if [ X"${pf}" != X"NO" -a X"${pflogd_flags}" != X"NO" ]; then
            if ifconfig pflog0 >/dev/null 2>&1; then
                    ifconfig pflog0 up
                    pflogd ${pflogd_flags}
            fi
    fi

my /etc/rc.conf:

    syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"

output from command: netstat -p udp -an

    Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
    udp        0      0  *.514                  *.*

reading the man page doesn't really answer why there is a program
listening on udp 514, seeing as I haven't passed syslogd the -u switch:

    -u      Select the historical ``insecure'' mode, in which syslogd will
            accept input from the UDP port.  Some software wants this, but
            you can be subjected to a variety of attacks over the network,
            including attackers remotely filling logs.

can anyone point me in the right direction so this annoying behaviour stops?
also, is there a switch for netstat which shows the pid/process for each
listening port?
thanks in advance
poncenby