From: Kevin Oberman
To: Larry Rosenman
Cc: freebsd-current@freebsd.org
Date: Fri, 28 Oct 2011 20:30:28 -0700
Subject: Re: syslogd: Remote Logging busted?
In-Reply-To: <0dcf638e123d2161d0e9d3c77386a8e7.squirrel@webmail.lerctr.org>
List-Id: Discussions about the use of FreeBSD-current

On Fri, Oct 28, 2011 at 7:22 PM, Larry Rosenman wrote:
>
> I enabled remote logging for my home subnet, and syslogd doesn't seem(!) to
> be logging the messages.
>
> They ARE making it to the system.
>
> Can someone look at bin/162135 which has all the details, including
> tcpdump to show that the messages are making it to the system.

Just to be clear, you are running tcpdump on borg, right? The statement
"This is from my Cable Modem:" confuses me a bit.

Assuming tcpdump is on borg, it is making it past any firewall (pf or ipfw,
at least). What about /etc/hosts.allow? I don't recall if it filters
before or after pcap sees packets. I used to have a diagram showing the
sequence of processing this, but I can't seem to find it now.

What does "netstat -af inet | grep syslog" show? Is syslogd actually listening?
--
R. Kevin Oberman, Network Engineer
E-mail: kob6558@gmail.com