BSD

  • syslogd udp port

    8 answers - 2140 bytes

    The port is also used to (potentially) send data out to other syslog
    servers. Therefore, it is left open. This is made ASTOUNDINGLY
    clear in the manual page, if you would read it:

    syslogd opens the above described socket whether or not it is running in
    secure mode. If syslogd is running in secure mode, all incoming data on
    this socket is discarded. The socket is required for sending forwarded
    messages.

    See that? It says anything read is DISCARDED.

    This behaviour is not going to be changed. Period.

    >I remember asking how to stop syslogd opening udp port 514 a while ago
    >and never doing anything about it, here goes again
    >
    >hopefully a relevant part of /etc/rc
    >
    >echo 'starting system logger'
    >rm -f /dev/log
    >if [ "X${named_flags}" != X"N" ]; then
    >        rm -f /var/named/dev/log
    >        syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
    >fi
    >if [ -d /var/empty ]; then
    >        rm -f /var/empty/dev/log
    >        mkdir -p -m 0555 /var/empty/dev
    >        syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
    >fi
    >syslogd ${syslogd_flags}
    >
    >if [ X"${pf}" != X"N" -a X"${pflogd_flags}" != X"N" ]; then
    >        if ifconfig pflog0 >/dev/null 2>&1; then
    >                ifconfig pflog0 up
    >                pflogd ${pflogd_flags}
    >        fi
    >fi
    >
    >my /etc/rc.conf
    >
    >syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"
    >
    >output from command: netstat -p udp -an
    >
    >Proto Recv-Q Send-Q Local Address Foreign Address (state)
    >udp 0 0 *.514
    >
    >reading the man page doesn't really answer why there is program
    >listening on udp 514, seeing as I haven't passed syslogd the -u switch
    >
    >-u Select the historical ``insecure'' mode, in which syslogd will
    >accept input from the UDP port. Some software wants this, but
    >you can be subjected to a variety of attacks over the network,
    >including attackers remotely filling logs.
    >
    >can anyone point me in the right direction so this annoying behaviour stops.
    >also, is there a switch for netstat which shows the pid/process for each
    >listening port?
    >
    >thanks in advance
    >
    >poncenby
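
An added illustration (not code from this thread or from OpenBSD) of the behaviour the quoted manual text describes: the UDP socket is bound in both modes, so netstat lists it; in secure mode incoming datagrams are read and discarded, and the same socket carries forwarded messages. `MiniSyslogd` and `demo` are hypothetical names, and an unprivileged loopback port stands in for UDP 514.

```python
import select
import socket

class MiniSyslogd:
    """Toy model of the socket handling quoted from syslogd(8); not OpenBSD code."""

    def __init__(self, secure=True, addr=("127.0.0.1", 0)):
        # Real syslogd binds UDP 514 (needs root); port 0 picks a free port here.
        self.secure = secure
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(addr)          # bound in BOTH modes, so netstat lists it
        self.port = self.sock.getsockname()[1]
        self.logged = []              # messages accepted from the network
        self.discarded = 0            # datagrams read and thrown away

    def poll(self, timeout=1.0):
        """Drain pending datagrams; keep them only in insecure (-u) mode."""
        while select.select([self.sock], [], [], timeout)[0]:
            data, peer = self.sock.recvfrom(1024)
            if self.secure:
                self.discarded += 1   # read and dropped, never reaches a log
            else:
                self.logged.append((peer[0], data.decode(errors="replace")))
            timeout = 0               # after the first hit, only drain the queue

    def forward(self, line, dest):
        """Forward a local message to a remote collector via the same socket."""
        self.sock.sendto(line.encode(), dest)

def demo(secure):
    """Return (logged, discarded, forwarded_from_daemon_port) for one run."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))
    collector.settimeout(2.0)
    daemon = MiniSyslogd(secure=secure)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Constructed sample datagram standing in for unsolicited network input.
        sender.sendto(b"<13>constructed: filler line", ("127.0.0.1", daemon.port))
        daemon.poll()
        daemon.forward("<13>constructed: local event", collector.getsockname())
        _, src = collector.recvfrom(1024)
        return daemon.logged, daemon.discarded, src[1] == daemon.port
    finally:
        for s in (collector, sender, daemon.sock):
            s.close()
```

`demo(True)` models the default secure mode and `demo(False)` models `-u`; in both runs the forwarded message leaves from the daemon's own bound port, which is why the listener cannot simply be closed.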
  • No.1 | | 3344 bytes | |

    Firstly I never mentioned the word security, so I don't know where
    Tobias got that from.

    I apologise once again for not searching the archives and reading the
    man pages.

    May I suggest some tolerance(doesn't have to be sincere) for people who
    are simply either too busy or too lazy to read man pages in their
    entirety. or just simply ignore the email. surely certain people on this
    list (theo - that's you!) don't actually enjoy patronising their loyal
    userbase?

    or perhaps that's openbsd's 'thing'? or if it isn't remind me what is

    thanks anyway

    poncenby

    Theo de Raadt wrote:
    The port is also used to (potentially) send data out to other syslog
    servers. Therefore, it is left open. This is made ASTOUNDINGLY
    clear in the manual page, if you would read it:

    syslogd opens the above described socket whether or not it is running in
    secure mode. If syslogd is running in secure mode, all incoming data on
    this socket is discarded. The socket is required for sending forwarded
    messages.

    See that? It says anything read is DISCARDED.

    This behaviour is not going to be changed. Period.


    >>I remember asking how to stop syslogd opening udp port 514 a while ago
    >>and never doing anything about it, here goes again
    >>
    >>hopefully a relevant part of /etc/rc
    >>
    >>echo 'starting system logger'
    >>rm -f /dev/log
    >>if [ "X${named_flags}" != X"N" ]; then
    >>        rm -f /var/named/dev/log
    >>        syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
    >>fi
    >>if [ -d /var/empty ]; then
    >>        rm -f /var/empty/dev/log
    >>        mkdir -p -m 0555 /var/empty/dev
    >>        syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
    >>fi
    >>syslogd ${syslogd_flags}
    >>
    >>if [ X"${pf}" != X"N" -a X"${pflogd_flags}" != X"N" ]; then
    >>        if ifconfig pflog0 >/dev/null 2>&1; then
    >>                ifconfig pflog0 up
    >>                pflogd ${pflogd_flags}
    >>        fi
    >>fi
    >>
    >>my /etc/rc.conf
    >>
    >>syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"
    >>
    >>output from command: netstat -p udp -an
    >>
    >>Proto Recv-Q Send-Q Local Address Foreign Address (state)
    >>udp 0 0 *.514
    >>
    >>reading the man page doesn't really answer why there is program
    >>listening on udp 514, seeing as I haven't passed syslogd the -u switch
    >>
    >>-u Select the historical ``insecure'' mode, in which syslogd will
    >>accept input from the UDP port. Some software wants this, but
    >>you can be subjected to a variety of attacks over the network,
    >>including attackers remotely filling logs.
    >>
    >>can anyone point me in the right direction so this annoying behaviour stops.
    >>also, is there a switch for netstat which shows the pid/process for each
    >>listening port?
    >>
    >>thanks in advance
    >>
    >>poncenby
  • No.2 | | 1078 bytes | |

    Fri, 2005-08-05 at 07:33 +0100, poncenby wrote:

    May I suggest some tolerance(doesn't have to be sincere) for people
    who are simply either too busy or too lazy to read man pages in their
    entirety. or just simply ignore the email. surely certain people on
    this list (theo - that's you!) don't actually enjoy patronising their
    loyal userbase?

    You should be reading the man page first, then asking questions on list
    (or elsewhere, e.g. IRC), not the other way around. And ignoring these
    sorts of e-mails isn't an option, as people need to know the expected
    protocol is to read the man page first.

    Start out with the goal of making an operating system possible to use
    without reading documentation, and you wind up with something like
    Microsoft Windows (however, even Microsoft must document a lot of
    things, even if it is only available in electronic form). I'm sure
    you've either already been down that road, or have no desire to go down
    it.

    The people that WTFM intend for you to RTFM.
  • No.3 | | 933 bytes | |

    8/5/05, poncenby <smythe (AT) poncenby (DOT) plus.com> wrote:
    Firstly I never mentioned the word security, so I don't know where
    Tobias got that from.

    I apologise once again for not searching the archives and reading the
    man pages.

    May I suggest some tolerance(doesn't have to be sincere) for people who
    are simply either too busy or too lazy to read man pages in their
    entirety. or just simply ignore the email. surely certain people on this
    list (theo - that's you!) don't actually enjoy patronising their loyal
    userbase?

    <snip>

    In the long run, it's usually faster to do research than to send a
    question to a mailing list and hope someone is going to hold your
    hand. You waste your time and everyone else's. If you want to be lazy,
    pay someone to do your administration, don't expect everyone else to
    do it for free.
  • No.4 | | 1402 bytes | |

    Shawn K. Quinn wrote:
    Fri, 2005-08-05 at 07:33 +0100, poncenby wrote:

    >>May I suggest some tolerance(doesn't have to be sincere) for people
    >>who are simply either too busy or too lazy to read man pages in their
    >>entirety. or just simply ignore the email. surely certain people on
    >>this list (theo - that's you!) don't actually enjoy patronising their
    >>loyal userbase?


    You should be reading the man page first, then asking questions on list
    (or elsewhere, e.g. IRC), not the other way around. And ignoring these
    sorts of e-mails isn't an option, as people need to know the expected
    protocol is to read the man page first.

    Start out with the goal of making an operating system possible to use
    without reading documentation, and you wind up with something like
    Microsoft Windows (however, even Microsoft must document a lot of
    things, even if it is only available in electronic form). I'm sure
    you've either already been down that road, or have no desire to go down
    it.

    The people that WTFM intend for you to RTFM.

    wow shawn, that's really clever. you have saved yourself thirty eight
    key depressions and managed to convey no sense of authority.

    if only i could be as l33t

    poncenby
  • No.5 | | 2594 bytes | |

    Abraham Al-Saleh wrote:
    8/5/05, poncenby <smythe (AT) poncenby (DOT) plus.com> wrote:

    >>Firstly I never mentioned the word security, so I don't know where
    >>Tobias got that from.
    >>
    >>I apologise once again for not searching the archives and reading the
    >>man pages.
    >>
    >>May I suggest some tolerance(doesn't have to be sincere) for people who
    >>are simply either too busy or too lazy to read man pages in their
    >>entirety. or just simply ignore the email. surely certain people on this
    >>list (theo - that's you!) don't actually enjoy patronising their loyal
    >>userbase?


    <snip>

    In the long run, it's usually faster to do research than to send a
    question to a mailing list and hope someone is going to hold your
    hand. You waste your time and everyone else's. If you want to be lazy,
    pay someone to do your administration, don't expect everyone else to
    do it for free.

    if you think about what you said

    "in the long run it's usually faster to do research"

    just doesn't make sense. i wanted an answer within a day, didn't have
    time to read the man pages so posted a question to misc and got an
    answer (within a day). f*%k the long run, what exactly is "the long run"
    anyway.

    (see, anyone can be pedantic if they can be arsed).

    When i post to misc I hope some kind folk will receive it in the manner
    intended (i.e. a newbie attempting to grasp a solid foundation in BSD
    concepts). Yes I realise I could gain this from reading every single man
    page but that is not realistic (maybe it is for people with nothing
    better to do at that time).

    the box is run in my own time and when I post a question (as stupid as
    it might seem) then go to work and come back with a maillist full of
    utter dribble like this, hoping there will be at least 1 constructive
    answer somewhere buried within it.
    i run a box with openbsd in my spare time - i'm not going to pay for
    someone to do it for me. i'll learn the way i want to learn, which
    differs depending on how lazy/busy I am at that point in time.

    it seems a lot of people assume that openbsd enthusiasts actually have
    an unlimited time to find the answers to every single question they will
    ever have.

    it just isn't the case and tolerance is needed.

    do you agree theo? :)

    poncenby
  • No.6 | | 590 bytes | |

    8/5/05, poncenby <smythe (AT) poncenby (DOT) plus.com> wrote:

    if you think about what you said

    "in the long run it's usually faster to do research"

    just doesn't make sense. i wanted an answer within a day, didn't have
    time to read the man pages so posted a question to misc and got an
    answer (within a day). f*%k the long run, what exactly is "the long run"
    anyway.

    It doesn't take a day to read the man pages, usually just a couple of
    minutes. It's easier, and nicer to the people reading the list. :)

    ddp
  • No.7 | | 1347 bytes | |

    Sat, 06 Aug 2005 03:15:07 +0100
    poncenby <smythe (AT) poncenby (DOT) plus.com> wrote:
    just doesn't make sense. i wanted an answer within a day, didn't have
    time to read the man pages so posted a question to misc and got an
    answer (within a day).

    What *you* want is rather irrelevant.

    When i post to misc I hope some kind folk will receive it in the manner
    intended (i.e. a newbie attempting to grasp a solid foundation in BSD
    concepts). Yes I realise I could gain this from reading every single man
    page but that is not realistic (maybe it is for people with nothing
    better to do at that time).

    Ever heard of "apropos" and "man -k"?
    And really, it's not THAT difficult to find the man page for syslogd

    i run a box with openbsd in my spare time - i'm not going to pay for
    someone to do it for me.
    If you don't want to pay I guess you'll just have to do your own homework, eh?

    it seems a lot of people assume that openbsd enthusiasts actually have
    an unlimited time to find the answers to every single question they will
    ever have.

    It seems many people who post on misc@ seem to think the openbsd users exist solely
    to answer their questions, no matter how many times they've been answered before.

    Lars Hansson
  • No.8 | | 2066 bytes | |

    Sat, 2005-08-06 at 03:00 +0100, poncenby wrote:
    Shawn K. Quinn wrote:
    Fri, 2005-08-05 at 07:33 +0100, poncenby wrote:

    >>May I suggest some tolerance(doesn't have to be sincere) for people
    >>who are simply either too busy or too lazy to read man pages in their
    >>entirety. or just simply ignore the email. surely certain people on
    >>this list (theo - that's you!) don't actually enjoy patronising their
    >>loyal userbase?


    You should be reading the man page first, then asking questions on list
    (or elsewhere, e.g. IRC), not the other way around. And ignoring these
    sorts of e-mails isn't an option, as people need to know the expected
    protocol is to read the man page first.

    Start out with the goal of making an operating system possible to use
    without reading documentation, and you wind up with something like
    Microsoft Windows (however, even Microsoft must document a lot of
    things, even if it is only available in electronic form). I'm sure
    you've either already been down that road, or have no desire to go down
    it.

    The people that WTFM intend for you to RTFM.

    wow shawn, that's really clever. you have saved yourself thirty eight
    key depressions and managed to convey no sense of authority.

    Wow ponceby, that's really clever. You have shown the world your ability
    to half-ass-type and not express one Goddamn coherent thought.

    In the time it took you to write this, you could have read a man page,
    possibly two or three if you're a fast reader.

    if only i could be as l33t

    If you want to be understood, type English. I have no idea what the hell
    an el-thirty-three-tee is.

    You're obviously not averse to reading (and, rather unfortunately,
    replying to) messages on the list. Why, then, are you averse to reading
    man pages? (Don't answer this publicly, but reflect on the answer to
    yourself.)
