I have to put some Solaris 10 hosts on the Net with no firewall. I would be perfectly comfortable with this except I cannot get syslogd to not open a UDP port somewhere greater than 32767. I have port 514 disabled with LOG_FROM_REMOTE=NO.
Has anyone dealt with this? The only alternative I can think of is to remove the Solaris syslogd and put in syslog-ng.
Message was edited by:
wsanders
The UDP port no open in this case is 58165:
# pfiles 1310
1310:/usr/sbin/syslogd
Current rlimit: 65536 file descriptors
0: S_IFDIR mode:0755 dev:85,10 ino:2 uid:0 gid:0 size:1024
O_RDONLY
/
1: S_IFDIR mode:0755 dev:85,10 ino:2 uid:0 gid:0 size:1024
O_RDONLY
/
2: S_IFDIR mode:0755 dev:85,10 ino:2 uid:0 gid:0 size:1024
O_RDONLY
/
3: S_IFDOOR mode:0444 dev:299,0 ino:59 uid:0 gid:0 size:0
O_RDONLY|O_LARGEFILE FD_CLOEXEC door to nscd[95]
/var/run/name_service_door
4: S_IFCHR mode:0600 dev:290,0 ino:50855940 uid:0 gid:3 rdev:97,0
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/devices/pseudo/sysmsg@0:sysmsg
5: S_IFREG mode:0644 dev:85,10 ino:46267 uid:0 gid:0 size:1105
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/var/adm/messages
6: S_IFREG mode:0644 dev:85,10 ino:46259 uid:0 gid:0 size:2348641
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/var/adm/auth.info
7: S_IFCHR mode:0000 dev:290,0 ino:45204 uid:0 gid:0 rdev:41,57
O_RDWR
/devices/pseudo/udp@0:udp
8: S_IFCHR mode:0600 dev:290,0 ino:50855940 uid:0 gid:3 rdev:97,0
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/devices/pseudo/sysmsg@0:sysmsg
9: S_IFREG mode:0644 dev:85,10 ino:46267 uid:0 gid:0 size:1105
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/var/adm/messages
10: S_IFCHR mode:0000 dev:290,0 ino:45203 uid:0 gid:0 rdev:21,6
O_RDONLY
/devices/pseudo/log@0:log
11: S_IFDOOR mode:0777 dev:297,0 ino:0 uid:0 gid:0 size:0
O_RDWR FD_CLOEXEC door to syslogd[1310]
Odd, I don't see a high-numbered port opened by syslogd on ALL my Sol 10 systems, just on most of them. Need to do more research.
