From owner-freebsd-questions@FreeBSD.ORG Thu Apr 30 13:29:41 2015
Message-ID: <55422E43.8090206@hiwaay.net>
Date: Thu, 30 Apr 2015 08:35:54 -0453
From: "William A. Mahaffey III"
To: freebsd-questions@freebsd.org
Subject: Re: minor syslog issue
References: <55422366.8060000@hiwaay.net> <554229CE.30009@infracaninophile.co.uk>
In-Reply-To: <554229CE.30009@infracaninophile.co.uk>

On 04/30/15 08:16, Matthew Seaman wrote:
> On 2015/04/30 13:42, William A. Mahaffey III wrote:
>> So far after a day or 2, nothing appears from the RPi on kabini1,
>> including nothing in /var/log/security (possibly indicating firewall
>> impeding traffic). Almost certainly pilot error, any help appreciated
>> :-) .... TIA & have a good one.
> You need to tell the receiving syslogd what port numbers to accept
> traffic from, as well as the IP numbers.
>
> In /etc/rc.conf:
>
> syslogd_flags="-a 192.168.0.0/16:514 -C -T"
>
> assuming you're using the default logging port for traffic from your
> RPi+. If not, then 192.168.0.0/16:* will allow traffic from any port
> number, although personally I'd spend some quality time with tcpdump
> and/or wireshark looking at what network ports were actually used.
>
> Cheers,
>
> Matthew

Hmmmm .... I restarted syslogd w/ args as above. Then, 'tcpdump -c 100'
shows:

08:23:13.844574 IP q6600.892 > kabini1.local.1023: Flags [F.], seq 77, ack 86, win 46, options [nop,nop,TS val 1691799656 ecr 1344249102], length 0
08:23:13.844599 IP kabini1.local.1023 > q6600.892: Flags [.], ack 78, win 1040, options [nop,nop,TS val 1344249102 ecr 1691799656], length 0
08:23:15.587348 IP kabini1.local.25455 > q6600.ssh: Flags [.], ack 979662038, win 0, length 0
08:23:15.587449 IP kabini1.local.25455 > q6600.ssh: Flags [.], ack 1, win 1040, options [nop,nop,TS val 1344250845 ecr 1691521403], length 0
08:23:15.587470 IP q6600.ssh > kabini1.local.25455: Flags [.], ack 1, win 204, options [nop,nop,TS val 1691801399 ecr 1343970845], length 0
08:23:17.847390 IP kabini1.local.572754 > q6600.nfs: 40 null
08:23:17.847513 IP q6600.nfs > kabini1.local.572754: reply ok 24 null
08:23:25.760879 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 685496912:685496960, ack 1741963517, win 1040, options [nop,nop,TS val 1344261018 ecr 2649344], length 48
08:23:25.762723 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 1:49, ack 48, win 4197, options [nop,nop,TS val 2649683 ecr 1344261018], length 48
08:23:25.862332 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 49, win 1040, options [nop,nop,TS val 1344261120 ecr 2649683], length 0
08:23:25.968802 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 48:96, ack 49, win 1040, options [nop,nop,TS val 1344261226 ecr 2649683], length 48
08:23:25.970776 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 49:161, ack 96, win 4197, options [nop,nop,TS val 2649683 ecr 1344261226], length 112
08:23:26.070254 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 161, win 1040, options [nop,nop,TS val 1344261328 ecr 2649683], length 0
08:23:26.200706 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 96:144, ack 161, win 1040, options [nop,nop,TS val 1344261458 ecr 2649683], length 48
08:23:26.207313 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 161:225, ack 144, win 4197, options [nop,nop,TS val 2649683 ecr 1344261458], length 64
08:23:26.307341 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 225, win 1040, options [nop,nop,TS val 1344261565 ecr 2649683], length 0
08:23:26.400741 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 144:192, ack 225, win 1040, options [nop,nop,TS val 1344261658 ecr 2649683], length 48
08:23:26.402682 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 225:305, ack 192, win 4197, options [nop,nop,TS val 2649684 ecr 1344261658], length 80
08:23:26.502205 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 305, win 1040, options [nop,nop,TS val 1344261760 ecr 2649684], length 0
08:23:26.576902 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 192:240, ack 305, win 1040, options [nop,nop,TS val 1344261834 ecr 2649684], length 48
08:23:26.578803 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 305:369, ack 240, win 4197, options [nop,nop,TS val 2649684 ecr 1344261834], length 64
08:23:26.678213 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 369, win 1040, options [nop,nop,TS val 1344261936 ecr 2649684], length 0
08:23:28.232819 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 240:288, ack 369, win 1040, options [nop,nop,TS val 1344263490 ecr 2649684], length 48
08:23:28.236986 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 369:417, ack 288, win 4197, options [nop,nop,TS val 2649687 ecr 1344263490], length 48
08:23:28.336206 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 417, win 1040, options [nop,nop,TS val 1344263594 ecr 2649687], length 0
08:23:28.494514 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 417:481, ack 288, win 4197, options [nop,nop,TS val 2649688 ecr 1344263594], length 64
08:23:28.496828 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG syslog.error, length: 59
08:23:28.497229 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG syslog.error, length: 59
08:23:28.500310 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 481:545, ack 288, win 4197, options [nop,nop,TS val 2649688 ecr 1344263594], length 64
08:23:28.500405 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 545, win 1039, options [nop,nop,TS val 1344263758 ecr 2649688], length 0
08:23:30.538498 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 545:593, ack 288, win 4197, options [nop,nop,TS val 2649692 ecr 1344263758], length 48
08:23:30.638333 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 593, win 1040, options [nop,nop,TS val 1344265896 ecr 2649692], length 0
08:23:30.723997 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 593:657, ack 288, win 4197, options [nop,nop,TS val 2649692 ecr 1344265896], length 64
08:23:30.823253 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 657, win 1040, options [nop,nop,TS val 1344266081 ecr 2649692], length 0
08:23:30.947285 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 657:705, ack 288, win 4197, options [nop,nop,TS val 2649693 ecr 1344266081], length 48
08:23:30.995288 IP RPiB+.59733 > kabini1.local.syslog: SYSLOG syslog.info, length: 47
08:23:31.047337 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 705, win 1040, options [nop,nop,TS val 1344266305 ecr 2649693], length 0
08:23:47.848393 IP kabini1.local.572770 > q6600.nfs: 40 null
08:23:47.848535 IP q6600.nfs > kabini1.local.572770: reply ok 24 null
^C
74 packets captured
74 packets received by filter
0 packets dropped by kernel
[root@kabini1, /etc, 8:30:13am] 476 % tail -15 /var/log/messages ; hwclock -r ; date
Apr 23 15:55:03 kabini1 pkg: sssnips-0.05 installed
Apr 23 16:01:00 kabini1 pkg-static: gmake-4.1_1 installed
Apr 23 16:01:03 kabini1 pkg: sssnips-0.05 deinstalled
Apr 23 16:01:03 kabini1 pkg-static: sssnips-0.05 installed
Apr 27 08:54:42 kabini1 dbus[847]: [system] Failed to activate service 'org.freedesktop.Avahi': timed out
Apr 27 09:08:34 kabini1 dbus[847]: [system] Failed to activate service 'org.freedesktop.Avahi': timed out
Apr 27 10:12:49 kabini1 dbus[847]: [system] Failed to activate service 'org.freedesktop.Avahi': timed out
Apr 28 09:30:12 kabini1 kernel: Limiting closed port RST response from 276 to 200 packets/sec
Apr 28 09:30:13 kabini1 kernel: Limiting closed port RST response from 239 to 200 packets/sec
Apr 28 09:30:14 kabini1 kernel: Limiting closed port RST response from 280 to 200 packets/sec
Apr 28 09:30:16 kabini1 kernel: Limiting closed port RST response from 319 to 200 packets/sec
Apr 30 08:13:49 kabini1 syslogd: exiting on signal 15
Apr 30 08:13:49 kabini1 syslogd: kernel boot file is /boot/kernel/kernel
Apr 30 08:16:36 kabini1 kernel: re0: promiscuous mode enabled
Apr 30 08:17:53 kabini1 kernel: re0: promiscuous mode disabled
hwclock: Command not found.
Thu Apr 30 08:30:22 MCDT 2015
[root@kabini1, /etc, 8:30:22am] 477 %

i.e. still nothing. When I restarted the syslogd on the RPiB+, @ 8:23:43
local time:

rpi # rc.d/syslogd restart
Stopping syslogd.
Waiting for PIDS: 2779.
Starting syslogd.
rpi # tail -15 /var/log/messages ; date
Apr 26 22:00:00 rpi syslogd[603]: restart
Apr 27 22:00:01 rpi syslogd[603]: restart
Apr 28 08:00:00 rpi syslogd[603]: restart
Apr 28 22:00:00 rpi syslogd[603]: restart
Apr 29 14:54:44 rpi syslogd[603]: Exiting on signal 15
Apr 29 10:01:01 rpi syslogd[25366]: restart
Apr 29 17:06:15 rpi syslogd[25366]: restart
Apr 30 07:28:32 rpi syslogd[25366]: Exiting on signal 15
Apr 30 07:28:34 rpi syslogd[27124]: restart
Apr 30 08:20:34 rpi syslogd[27124]: Exiting on signal 15
Apr 30 08:20:34 rpi syslogd[27124]: Exiting on signal 15
Apr 30 08:20:37 rpi syslogd[2779]: restart
Apr 30 08:23:43 rpi syslogd[2779]: Exiting on signal 15
Apr 30 08:23:43 rpi syslogd[2779]: Exiting on signal 15
Apr 30 08:23:45 rpi syslogd[14885]: restart
Thu Apr 30 08:27:37 MCDT 2015
rpi #

Any more clues appreciated ....

--

William A. Mahaffey III

----------------------------------------------------------------------

"The M1 Garand is without doubt the finest implement of war
ever devised by man."
    -- Gen. George S. Patton Jr.
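
The port in a FreeBSD syslogd -a entry is compared with the sender's source port, which is why the quoted reply suggests checking with tcpdump which ports are actually used. The script below is an added example, not part of the original message: it lists the senders to the syslog port in tcpdump text output and reports whether a given service part of -a would accept them. The function names are made up for this example, and the sample lines are copied from the capture above.

```sh
#!/bin/sh
# Added example: function names are hypothetical, not from syslogd or tcpdump.

# Four lines copied from the capture in the message above.
sample_capture() {
    cat <<'EOF'
08:23:28.494514 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 417:481, ack 288, win 4197, options [nop,nop,TS val 2649688 ecr 1344263594], length 64
08:23:28.496828 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG syslog.error, length: 59
08:23:28.497229 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG syslog.error, length: 59
08:23:30.995288 IP RPiB+.59733 > kabini1.local.syslog: SYSLOG syslog.info, length: 47
EOF
}

# Read tcpdump text on stdin; print "host source-port packets" for every
# sender whose destination port is syslog (shown as "syslog", or 514 with -n).
syslog_senders() {
    awk '
    $2 == "IP" && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)
        dport = dst; sub(/.*\./, "", dport)      # text after the last dot
        if (dport != "syslog" && dport != "514") next
        sport = $3; sub(/.*\./, "", sport)
        host = $3;  sub(/\.[^.]*$/, "", host)    # text before the last dot
        seen[host " " sport]++
    }
    END { for (k in seen) print k, seen[k] }' | sort
}

# $1 = service part of an -a entry ("" = default "syslog"), $2 = source port.
# Succeeds when that entry would accept a datagram sent from $2.
port_allowed() {
    svc=${1:-syslog}
    [ "$svc" = "*" ] && return 0
    [ "$svc" = "syslog" ] && svc=514
    p=$2
    [ "$p" = "syslog" ] && p=514
    [ "$svc" = "$p" ]
}

# $1 = service part of the -a entry; tcpdump text on stdin.
check_capture() {
    syslog_senders | while read -r host sport count; do
        if port_allowed "$1" "$sport"; then v=accepted; else v=rejected; fi
        echo "$host $sport $count $v"
    done
}

echo "with :514"; sample_capture | check_capture 514
echo "with :*";   sample_capture | check_capture '*'
```

To run it against live traffic, pipe the output of tcpdump -c 100 udp port 514 into check_capture instead of sample_capture.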