The syslog daemon in Solaris is enabled for remote logging by default and listens on UDP port 514 for syslog messages from remote systems. Unless the server is acting as a remote logging server, this can be a security issue, as a malicious user can launch a Denial of Service (DoS) attack on the server.
Unless a server is acting as a remote central logging server, it is recommended to disable remote logging in Solaris.
To check whether your syslog service is listening for remote logs:
# netstat -aP udp | grep syslog
This will show an output for syslog with status “idle”.
After editing /etc/default/syslogd, restart syslogd as follows:
# svcadm -v restart svc:/system/system-log
Action restart set for svc:/system/system-log:default
Remote logging can be disabled by editing /etc/default/syslogd with an editor such as vi:
# vi /etc/default/syslogd
Change the line from
Save the file and restart the syslogd daemon:
# /etc/init.d/syslog stop
# /etc/init.d/syslog start
# netstat -aP udp | grep syslog
This should no longer show an entry for syslog with status “idle”.
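A check for the whole procedure, as an added example that is not part of the original page. It assumes the setting in /etc/default/syslogd is LOG_FROM_REMOTE (the name used in Solaris's stock file, not shown above); the function names are hypothetical and the sample config and netstat lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit that syslogd no longer
# accepts remote messages. LOG_FROM_REMOTE is assumed to be the setting in
# /etc/default/syslogd; all sample data below is constructed.

# Print the effective LOG_FROM_REMOTE value from config file $1.
# A missing or commented-out line means the default, YES.
remote_logging_setting() {
    value=YES
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            LOG_FROM_REMOTE=*) value=${line#LOG_FROM_REMOTE=} ;;
        esac
    done < "$1"
    printf '%s\n' "$value"
}

# Read `netstat -aP udp` output on stdin; succeed if a syslog socket is Idle.
syslog_socket_open() {
    awk '$1 ~ /\.(syslog|514)$/ && $NF == "Idle" { found = 1 }
         END { exit !found }'
}

# $1 = config file, stdin = netstat output. Returns 0 only when the file
# disables remote logging AND the running daemon has released the socket.
audit_remote_syslog() {
    setting=$(remote_logging_setting "$1")
    if syslog_socket_open; then socket=open; else socket=closed; fi
    if [ "$setting" = NO ] && [ "$socket" = closed ]; then
        echo "PASS: remote logging disabled and no syslog UDP socket"
        return 0
    fi
    echo "FAIL: LOG_FROM_REMOTE=$setting, syslog UDP socket $socket"
    return 1
}

# Constructed demo: default config with a listener, then a hardened host.
demo() {
    tmp=$(mktemp -d) || return 0
    printf '#LOG_FROM_REMOTE=YES\n' > "$tmp/default"
    printf 'LOG_FROM_REMOTE=NO\n' > "$tmp/hardened"
    printf '      *.syslog                              Idle\n' |
        audit_remote_syslog "$tmp/default" || true
    printf '      *.sunrpc                              Idle\n' |
        audit_remote_syslog "$tmp/hardened" || true
    rm -rf "$tmp"
}
demo
```

On a live host, feed it the real data with `netstat -aP udp | audit_remote_syslog /etc/default/syslogd`; a FAIL with the setting already at NO means the file was edited but syslogd has not been restarted.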
This is done in the M company to secure the U2000, because there is no firewall in the network to protect the U2000.