token454 / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Unable to write to syslog with UDP #482

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

1. Configure 'udp,127.0.0.1,514' under 'Syslog Audit Servers'.

PWM insists on using TCP regardless.  The following tcpdump output illustrates 
this:

Note there is no UDP traffic over port 514 when writing to syslog is attempted:

# tcpdump -p -nn -iany port 514 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

0 packets captured
0 packets received by filter
0 packets dropped by kernel

However there is TCP traffic over port 514:

# tcpdump -p -nn -iany port 514 and tcp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
12:26:51.913284 IP 127.0.0.1.55783 > 127.0.0.1.514: S 558935668:558935668(0) 
win 32792 <mss 16396,sackOK,timestamp 2230524928 0,nop,wscale 7>
12:26:51.913300 IP 127.0.0.1.514 > 127.0.0.1.55783: R 0:0(0) ack 558935669 win 0

2 packets captured
4 packets received by filter
0 packets dropped by kernel

Version info:

PWM: 1.7.0 (release)
RHEL: 5.9 x86_64
Tomcat: 6.0.36
OpenLDAP: 2.3.43

Please paste any error log messages below:

ERROR, event.AuditManager, 5060 ERROR_SYSLOG_WRITE_ERROR 
(java.net.ConnectException: Connection refused) fields: [udp,127.0.0.1,514, 
java.net.ConnectException: Connection refused]

Original issue reported on code.google.com by rjaf...@gmail.com on 16 Sep 2013 at 10:59

GoogleCodeExporter commented 8 years ago
fixed in trunk.

Original comment by jrivard on 24 Jun 2014 at 11:34