I'm trying to send logs to an external Syslog server via Remote Syslog Settings, but I don't have any access to the server. How am I gonna check if the logs are actually being sent?
You may use tcpdump:
tcpdump -nei any port 514
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner // Sophos Solution Partner since 2003
Thanks for the reply, here is the ss from the command. The blank part is my public IP. Do you see any kind of problem? Cuz as much as I see, logs are going.
Looks ok for me ... if 172.16.1.8 is your "external" Syslog-server.
You may try tcpdump -nei any | grep 172.16.1.8
to see if there are answer-packets too ...
Thanks, now I can check the in/out packets from 514 or any port.
There is no port limitation here ... but you can cascade multiple greps ...
tcpdump -nei any | grep 172.16.1.8 | grep 514
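An added example, not part of the thread above: since `grep 514` matches any line containing those digits (timestamps, ICMP ids, lengths), this sketch counts only packets whose source or destination is exactly the syslog server's address and port. The capture lines are constructed, and 10.0.0.1 and the function names are hypothetical.

```shell
#!/bin/sh
# Count packets to and from a syslog endpoint in tcpdump -n text output.
# Live use (assumption: 50 packets is enough to judge):
#   tcpdump -c 50 -nei any host 172.16.1.8 and port 514 | syslog_direction_count 172.16.1.8 514

# syslog_direction_count SERVER PORT
# Reads tcpdump lines on stdin and prints "sent=N received=M":
#   sent     = destination is SERVER.PORT
#   received = source is SERVER.PORT (the "answer" packets)
syslog_direction_count() {
    awk -v ep="$1.$2" '
        {
            # Find the ">" token separating source and destination.
            for (i = 2; i < NF; i++) {
                if ($i == ">") {
                    src = $(i - 1)
                    dst = $(i + 1)
                    sub(/:$/, "", dst)   # tcpdump ends the destination with ":"
                    if (dst == ep) sent++
                    else if (src == ep) received++
                    break
                }
            }
        }
        END { printf "sent=%d received=%d\n", sent, received }
    '
}

# Constructed sample capture: two syslog segments out, one ACK back,
# and one ICMP echo that merely contains "514" in its id field.
sample_capture() {
    cat <<'EOF'
12:00:01.100000 Out 00:11:22:33:44:55 ethertype IPv4 (0x0800), length 144: 10.0.0.1.43210 > 172.16.1.8.514: Flags [P.], seq 1:77, ack 1, win 229, length 76
12:00:01.101000 In 00:aa:bb:cc:dd:ee ethertype IPv4 (0x0800), length 68: 172.16.1.8.514 > 10.0.0.1.43210: Flags [.], ack 77, win 227, length 0
12:00:02.100000 Out 00:11:22:33:44:55 ethertype IPv4 (0x0800), length 155: 10.0.0.1.43210 > 172.16.1.8.514: Flags [P.], seq 77:164, ack 1, win 229, length 87
12:00:02.514000 Out 00:11:22:33:44:55 ethertype IPv4 (0x0800), length 98: 10.0.0.1 > 172.16.1.8: ICMP echo request, id 514, seq 1, length 64
EOF
}

sample_capture | syslog_direction_count 172.16.1.8 514
```

The cascaded grep would report all four sample lines, while the exact endpoint match reports two sent and one received.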