From owner-freebsd-questions@FreeBSD.ORG  Sun Feb  5 08:05:05 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DC7F516A420
	for <freebsd-questions@freebsd.org>;
	Sun,  5 Feb 2006 08:05:05 +0000 (GMT)
	(envelope-from bill@wiliweld.com)
Received: from typhoon.he.net (typhoon.he.net [64.62.229.2])
	by mx1.FreeBSD.org (Postfix) with SMTP id 850E443D45
	for <freebsd-questions@freebsd.org>;
	Sun,  5 Feb 2006 08:05:05 +0000 (GMT)
	(envelope-from bill@wiliweld.com)
Received: from liam.billschoolcraft.com ([63.204.157.14]) by typhoon.he.net
	for <freebsd-questions@freebsd.org>; Sun, 5 Feb 2006 00:05:02 -0800
Date: Sun, 5 Feb 2006 00:05:02 -0800 (PST)
From: Bill Schoolcraft <bill@wiliweld.com>
X-X-Sender: bill@liam.billschoolcraft.com
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
In-Reply-To: <Pine.LNX.4.61.0602042329000.16821@liam.billschoolcraft.com>
Message-ID: <Pine.LNX.4.61.0602050003470.16821@liam.billschoolcraft.com>
References: <Pine.LNX.4.61.0602032143280.7777@liam.billschoolcraft.com>
	<43E48BB8.7000906@infracaninophile.co.uk>
	<Pine.LNX.4.61.0602042329000.16821@liam.billschoolcraft.com>
System-ID: [en] (SuSE-9.3 64-bit)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-questions@freebsd.org
Subject: Re: 6.0, allow remote logging? (correction)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Feb 2006 08:05:06 -0000

At Sat, 4 Feb 2006 it looks like Bill Schoolcraft composed:

> At Sat, 4 Feb 2006 it looks like Matthew Seaman composed:
> 
> > Bill Schoolcraft wrote:
> > > But when I go to check an see if the external port 514/udp is open I
> > > get nothing showing:
> > > 
> > > #############################################################
> > > 
> > > [root@logserv ~]-> nmap localhost
> > > 
> > > (The 1660 ports scanned but not shown below are in state: closed)
> > > PORT   STATE SERVICE
> > > 22/tcp open  ssh
> > > 25/tcp open  smtp
> > > 80/tcp open  http
> > > 
> > > #############################################################
> > 
> > Umm... by default nmap only scans /TCP/ ports.  syslog is a /UDP/ service.
> > 
> > Try sockstat(1) to see what network ports processes are listening on, and
> > use nmap like so to scan for UDP listeners:
> > 
> >     # nmap -sU -p U:1-8080 hostname
> > 
> > Note that UDP scans intrinsically tend to take a lot longer than TCP scans --
> > the nmap(1) man page explains why -- so don't try scanning too many ports at
> > once, or you'll be waiting years for a result.
> > 
> 
> Thanks Matthew for the above example.  I tried it and nothing came
> up as open.  And my 'ps -auxw' output shows syslogd running with the
> "-s <ipaddr>" too.  I wonder how to trigger that port to receive
> packets.  Apparently syslogd believes all is well. :(
> 

Sorry, the correction is that the ps output shows "-a <ipaddr>"

-- 
Bill Schoolcraft       |  Life's journey is not to arrive at the
PO Box 210076          |  grave safely in a well preserved body,
San Francisco,CA 94121 |  but rather to skid in sideways, totally
http://wiliweld.com    |  spent, yelling "holy shit, what a ride!"