syslog - tcp

[roundkat]

Looking in the handbook FreeBSD Handbook only UDP 514 is available for syslog.
On my test box I modified /etc/services and restarted syslogd but only udp-514 was listening

11.2-RELEASE-p10
Wed May 29 16:50:24 /etc
root@-#netstat -na | grep 514
udp4       0      0 *.514                  *.*                   
udp6       0      0 *.514                  *.*

I have a specific task that I need to run syslog on tcp-514 unless there is a better tcp port that would be preferred.
The device sending syslog information can be configured to send on any port.
The environment is closed.

Thx

 

[SirDice]

FreeBSD's syslogd(8) can only listen on UDP. You can change the port but it's going to be UDP in any case.

     -b bind_address[:service]

     -b :service
             Bind to a specific address and/or port.  The address can be
             specified as a hostname, and the port as a service name.  If an
             IPv6 address is specified, it should be enclosed with `[' and
             `]'.  The default service is `syslog'.  This option can be
             specified multiple times to bind to multiple addresses and/or
             ports.

If you absolutely require TCP then you will need to install any of the alternate syslog daemons from ports/packages.

 

[roundkat]

SirDice,
Thx for the detailed response, what would be your recommended choice, I have seen rsyslog and syslog-ng.
Thx

 

[SirDice]

I personally like syslog-ng but rsyslog should be fine too. The latter is the default syslog daemon on RHEL/CentOS and Debian/Ubuntu, so you may be more familiar with it.