From: Aaron Peterson
To: FreeBSD Questions
Date: Fri, 12 Aug 2005 16:15:20 -0400
Subject: remote syslogging
Message-ID: <45d750d2050812131558f6c584@mail.gmail.com>

in /etc/rc.conf:

syslogd_enable="YES"
syslogd_flags="-a 172.24.169.44/32:* -a 172.24.169.46/32:*"

---------------------------------------

in syslog.conf:

!*
+chsfirewall1
local6.notice		/var/log/firewall/chsfirewall1.log
+chsfirewall2
local6.notice		/var/log/firewall/chsfirewall2.log

------------------------------------

$ ls -l /var/log/firewall
total 0
-rw-------  1 root  wheel  0 Aug 12 15:23 chsfirewall1.log
-rw-------  1 root  wheel  0 Aug 12 15:33 chsfirewall2.log

-------------------------------------

in /etc/hosts

172.24.169.44 chsfirewall1
172.24.169.46 chsfirewall2

-------------------------------------

$ tcpdump -i fxp0 -w firewall.bin udp and dst port 514

15:58:57.151625 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.151763 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.151889 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 147
15:58:57.152014 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 147
15:58:57.152141 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.166549 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.166688 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 152
15:58:57.166817 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.166965 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.167194 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 148
15:58:59.086044 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
15:58:59.086179 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
15:58:59.086306 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
15:58:59.109459 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 149

ethereal output for the same traffic:

Frame 2226 (191 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.44 (172.24.169.44), Dst Addr: 172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...

No.     Time        Source            Destination       Protocol Info
   2227 0.922397    172.24.169.44     172.26.35.21      Syslog   LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...

Frame 2227 (190 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.44 (172.24.169.44), Dst Addr: 172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...

No.     Time        Source            Destination       Protocol Info
   2228 2.841247    172.24.169.46     172.26.35.21      Syslog   LOCAL6.NOTICE: 6129 08/12/2005 16:05:34 tE...

Frame 2228 (190 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr: 172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:34 tE...

No.     Time        Source            Destination       Protocol Info
   2229 2.841382    172.24.169.46     172.26.35.21      Syslog   LOCAL6.NOTICE: 6129 08/12/2005 16:05:42 tE...

Frame 2229 (190 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr: 172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:42 tE...

No.     Time        Source            Destination       Protocol Info
   2230 2.841509    172.24.169.46     172.26.35.21      Syslog   LOCAL6.NOTICE: 6129 08/12/2005 16:05:47 tE...

Frame 2230 (190 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr: 172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:47 tE...

No.     Time        Source            Destination       Protocol Info
   2231 2.864662    172.24.169.46     172.26.35.21      Syslog   LOCAL6.NOTICE: 6129 08/12/2005 16:05:48 tE...

Frame 2231 (191 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr: 172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:48 tE...

...

Nothing in /var/log/firewall/chsfirewall1.log or chsfirewall2.log

I must be missing something...
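
Added example, not part of the original post: a Python model of how FreeBSD syslogd's `-a ipaddr/masklen[:service]` allowed-peer rule applies to the source addresses and source port (1025) seen in the capture above. It covers only the numeric IPv4 form of the rule; the function names are hypothetical, and the flag string without `:*` is constructed for comparison.

```python
import ipaddress

SYSLOG_PORT = 514  # source port required when a rule names no service


def parse_allowed_peer(spec):
    """Parse one -a value of the form ipaddr/masklen[:service]."""
    net, _, service = spec.partition(":")
    network = ipaddress.ip_network(net, strict=False)
    if service == "*":
        port = None                 # '*' accepts any UDP source port
    elif service in ("", "syslog"):
        port = SYSLOG_PORT          # default service is 'syslog'
    else:
        port = int(service)         # numeric service only in this model
    return network, port


def rules_from_flags(flags):
    """Collect every -a rule from a syslogd_flags string."""
    tokens = flags.split()
    return [parse_allowed_peer(tokens[i + 1])
            for i, tok in enumerate(tokens)
            if tok == "-a" and i + 1 < len(tokens)]


def is_accepted(rules, src_ip, src_port):
    """True if a datagram from src_ip:src_port passes any -a rule."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in network and (port is None or port == src_port)
               for network, port in rules)


# Flags exactly as posted in /etc/rc.conf.
POSTED_FLAGS = "-a 172.24.169.44/32:* -a 172.24.169.46/32:*"
# Constructed variant without the ':*' service part, for comparison.
NO_SERVICE_FLAGS = "-a 172.24.169.44/32 -a 172.24.169.46/32"
# Source address and port of the two senders, taken from the capture.
CAPTURED = [("172.24.169.44", 1025), ("172.24.169.46", 1025)]


def check(flags, packets=CAPTURED):
    """Return one accept/reject verdict per captured sender."""
    rules = rules_from_flags(flags)
    return [is_accepted(rules, ip, port) for ip, port in packets]


if __name__ == "__main__":
    print("posted flags:      ", check(POSTED_FLAGS))
    print("without ':*' part: ", check(NO_SERVICE_FLAGS))
```

Under this model both senders pass the posted `-a` rules despite using source port 1025, while the same rules without `:*` would reject them.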