KadalbuntunK Project

The Pressure, the constant fear.. its more than a man can bear

« Oracle Auditing
jendela jakarta »

Sentinel Syslog Port

Posted by kadalbuntunk on April 21, 2008

In unix or linux machine, only root who able run the syslog service on port lower than 1024. If you run syslog server from the Sentinel Live View using this port, you will get the ‘X’ on top of the Syslog Server like this

Its indicate error occurred at the syslog server.

The Error message is :

Error initializing Syslog Server on port 514 (port might be used by other process): java.net.BindException: Permission denied

To solve this problem you can do port forwarding. In Linux redhat you can run this command as root

# iptables -t nat -I PREROUTING -p udp –dport 514 -j REDIRECT –to-port 10514

This command will forward port no 514 to port no 10514. So your server can receive syslog packet through port 514 and sentinel can run syslog server on port 10514 to receive the syslog message.

If your server no iptables installed, you can try this step. I try on Sun Solaris 10, and its work. This step will allow user esecadm to run the syslog on port no 514 from sentinel application

  1. Add the following line into /etc/user_attr

esecadm::::type=normal;defaultpriv=basic,net_privaddr

  1. And then add the following line into /etc/services (separate with tab)

esecadm 514/udp

  1. Run this command

usermod -K defaultpriv=basic,net_privaddr esecadm

Try to add syslog event source from live view, if error still occurred, you should reboot your server

This entry was posted on April 21, 2008 at 1:46 pm and is filed under KadalTech. . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

« Oracle Auditing
jendela jakarta »