From owner-freebsd-questions@FreeBSD.ORG Thu Mar 22 21:44:41 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CBA6216A406 for ; Thu, 22 Mar 2007 21:44:41 +0000 (UTC) (envelope-from rottweilertje@rottnic.nl) Received: from rottnic.nl (rottnic.demon.nl [83.160.164.231]) by mx1.freebsd.org (Postfix) with ESMTP id 5B3CC13C4BF for ; Thu, 22 Mar 2007 21:44:39 +0000 (UTC) (envelope-from rottweilertje@rottnic.nl) Received: from localhost (unknown [127.0.0.1]) by rottnic.nl (Postfix) with ESMTP id B96203F4AD; Thu, 22 Mar 2007 22:44:37 +0100 (CET) X-Virus-Scanned: amavisd-new at rottnic.nl Received: from rottnic.nl ([127.0.0.1]) by localhost (rottnic.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i0bqUJPZLg2I; Thu, 22 Mar 2007 22:44:32 +0100 (CET) Received: from [10.0.1.8] (rottbook.rottnet.rottnic.nl [10.0.1.8]) by rottnic.nl (Postfix) with ESMTP id 3D9EE3F43A; Thu, 22 Mar 2007 22:44:32 +0100 (CET) In-Reply-To: <226ae0c60703220745x6764d58du4798c3e25d65d5cd@mail.gmail.com> References: <226ae0c60703220745x6764d58du4798c3e25d65d5cd@mail.gmail.com> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-23-871657882; protocol="application/pkcs7-signature" Message-Id: From: Guido Demmenie Date: Thu, 22 Mar 2007 22:44:29 +0100 To: David Robillard X-Mailer: Apple Mail (2.752.2) X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: FreeBSD Questions Subject: Re: remote logging with syslogd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2007 21:44:41 -0000 --Apple-Mail-23-871657882 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On Mar 22, 2007, at 3:45 PM, David Robillard wrote: >> Hello, >> >> I'm trying to put up a remote logging server. I want to let my >> Airport Express send its logs to my FreeBSD server. >> >> So I said to my Airport to send its logs to the internal ip of my >> server, I suppose it works because that's what Apple hardware does. >> Now I did the following things on my bsdbox: >> >> >> I appended to syslog.conf: >> >> # Log remote Airport Express >> +airport >> *.* /var/log/airport.log >> !* >> >> I touched /var/log/airport.log and it has rw-r----- root:wheel rights >> >> And to rc.conf I added: >> >> syslogd_enable="YES" >> syslogd_flags="-b myhostname.intranet -a *.intranet" >> >> I restarted syslogd via: >> # /etc/rc.d/syslogd restart >> >> I suppose it should work, but nothing appears in /var/log/airport and >> there should be something that it listens for input or not? >> >> Also I checked netstat -a | grep syslog >> udp4 0 0 myhostname.intranet..syslo *.* >> >> So it looks like it is not listening. >> >> Anyone any ideas what I'm doing wrong? > > The Apple AirPort products, both Extreme and Express, do not use the > standard syslog UDP port 514. They send it at a higher port. Just like > most Cisco devices do. > > So to enable logging on a FreeBSD host, you must change your > rc.conf(5) syslog_flags line to enable other non-standard syslog > ports. Try something like this: > > syslogd_flags="-b myhostname.intranet -a *.intranet:*" > > Since you're using names instead of IP addresses in your > configuration, make sure your DNS resolves both A and PTR records for > the AirPort. Thnx for the tip. Found out that it was not the airport UDP port. It is some misconfiguration in my DNS, but still don't get why it doesn't work as expected. For some reason my DNS-name is snipped just before the TLD. Oh btw i changed some configs I prepended to /etc/syslog.conf the next and deleted what I wrote above # Log remote Airport Express +airport.intranet.mydomain.org *.* /var/log/airport.log +* !* And in rc.conf I changed the above to: syslogd_enable="YES" syslogd_flags="-b myhostname.intranet.mydomain.org -a airport.intranet.mydomain.org" So what comes in on syslogd looks like "airport.intranet.mydomain" so no .org or something. I really don't get where that comes from. But now syslogd rejects because of "name mismatch". I suppose something is wrong with either my DNS or my DHCP (appending the domainname??), but at dhcpd I have the option "domain-name" set to "intranet.mydomain.org". So still don't get whats going wrong. My dns gives a the right IP and reverse gives right name. dig airport.intranet.mydomain.org --> 10.0.10.30 dig -x 10.0.10.30 --> airport.intranet.mydomain.org So anyone any ideas? TIA --Guido www.rottnic.nl --Apple-Mail-23-871657882--