From owner-freebsd-doc@FreeBSD.ORG Thu Sep 29 18:00:28 2011 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E3131065678 for ; Thu, 29 Sep 2011 18:00:28 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 44F498FC0A for ; Thu, 29 Sep 2011 18:00:28 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p8TI0SHL050805 for ; Thu, 29 Sep 2011 18:00:28 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p8TI0Swx050804; Thu, 29 Sep 2011 18:00:28 GMT (envelope-from gnats) Date: Thu, 29 Sep 2011 18:00:28 GMT Message-Id: <201109291800.p8TI0Swx050804@freefall.freebsd.org> To: freebsd-doc@FreeBSD.org From: Glen Barber Cc: Subject: Re: docs/161129: syslog does not accept remote host logs X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Glen Barber List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2011 18:00:28 -0000 The following reply was made to PR docs/161129; it has been noted by GNATS. From: Glen Barber To: Andrei Kolu Cc: bug-followup@FreeBSD.org Subject: Re: docs/161129: syslog does not accept remote host logs Date: Thu, 29 Sep 2011 13:51:33 -0400 Hi, On 9/29/11 1:30 PM, Andrei Kolu wrote: >> Number: 161129 >> Category: docs >> Synopsis: syslog does not accept remote host logs >> Description: > If I configure syslog for remote logging according to this manual: > http://www.freebsd.org/doc/handbook/network-syslogd.html > > ####hosts file > 10.10.10.1 cisco1812 cisco1812.example.com > > ####rc.conf > syslogd_enable="YES" > syslogd_flags="-d -a 10.10.10.1 -v -v" > > ####syslog.conf > # Logging cisco > +cisco1812.example.com > *.* /var/log/cisco1812.example.com.log > > then syslog would give me this error: > > "validate: dgram from IP 10.10.10.1, port 54446, name cisco1812.example.com; > rejected in rule 0 due to port mismatch." According to syslogd(8): % Multiple -a options may be specified. % The allowed_peer option may be any of the following: % ipaddr/masklen[:service] Accept datagrams from ipaddr (in the % usual dotted quad notation) with % masklen bits being taken into account % when doing the address comparison. % ipaddr can be also IPv6 address by % enclosing the address with ‘[’ and % ‘]’. If specified, service is the % name or number of an UDP service (see % services(5)) the source packet must % belong to. A service of ‘*’ allows % packets being sent from any UDP port. % The default service is ‘syslog’. So, if ":*" or some other port is not specified, the default will be the syslog UDP port 514 (from /etc/services). According to the above, your cisco device is using port 54446. I suspect this will work with the following rc.conf entry: ####rc.conf syslogd_enable="YES" syslogd_flags="-d -a 10.10.10.1:54446 -v -v" Can you please try this, and let us know? Regards, Glen -- Glen Barber | gjb@FreeBSD.org FreeBSD Documentation Project