From owner-freebsd-questions@FreeBSD.ORG  Thu Mar 22 22:19:51 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id A58AF16A400
	for <freebsd-questions@freebsd.org>;
	Thu, 22 Mar 2007 22:19:51 +0000 (UTC)
	(envelope-from rottweilertje@rottnic.nl)
Received: from rottnic.nl (rottnic.demon.nl [83.160.164.231])
	by mx1.freebsd.org (Postfix) with ESMTP id 26C4413C44C
	for <freebsd-questions@freebsd.org>;
	Thu, 22 Mar 2007 22:19:51 +0000 (UTC)
	(envelope-from rottweilertje@rottnic.nl)
Received: from localhost (unknown [127.0.0.1])
	by rottnic.nl (Postfix) with ESMTP id 258093F4AD;
	Thu, 22 Mar 2007 23:19:50 +0100 (CET)
X-Virus-Scanned: amavisd-new at rottnic.nl
Received: from rottnic.nl ([127.0.0.1])
	by localhost (rottnic.nl [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Rxtfo1QuYFOP; Thu, 22 Mar 2007 23:19:44 +0100 (CET)
Received: from [10.0.1.8] (rottbook.rottnet.rottnic.nl [10.0.1.8])
	by rottnic.nl (Postfix) with ESMTP id 14E0E3F43A;
	Thu, 22 Mar 2007 23:19:43 +0100 (CET)
In-Reply-To: <E003A2D3-BD3F-4086-8D21-60342EA443B8@rottnic.nl>
References: <226ae0c60703220745x6764d58du4798c3e25d65d5cd@mail.gmail.com>
	<E003A2D3-BD3F-4086-8D21-60342EA443B8@rottnic.nl>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <F2A23216-6190-486B-A0C2-1F2765640651@rottnic.nl>
Content-Transfer-Encoding: 7bit
From: Guido Demmenie <rottweilertje@rottnic.nl>
Date: Thu, 22 Mar 2007 23:19:41 +0100
To: Guido Demmenie <rottweilertje@rottnic.nl>
X-Mailer: Apple Mail (2.752.2)
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: remote logging with syslogd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2007 22:19:51 -0000


On Mar 22, 2007, at 10:44 PM, Guido Demmenie wrote:

>
> On Mar 22, 2007, at 3:45 PM, David Robillard wrote:
>
>>> Hello,
>>>
>>> I'm trying to put up a remote logging server. I want to let my
>>> Airport Express send its logs to my FreeBSD server.
>>>
>>> So I said to my Airport to send its logs to the internal ip of my
>>> server, I suppose it works because that's what Apple hardware does.
>>> Now I did the following things on my bsdbox:
>>>
>>>
>>> I appended to syslog.conf:
>>>
>>> # Log remote Airport Express
>>> +airport
>>> *.*             /var/log/airport.log
>>> !*
>>>
>>> I touched /var/log/airport.log and it has rw-r----- root:wheel  
>>> rights
>>>
>>> And to rc.conf I added:
>>>
>>> syslogd_enable="YES"
>>> syslogd_flags="-b myhostname.intranet -a *.intranet"
>>>
>>> I restarted syslogd via:
>>> # /etc/rc.d/syslogd restart
>>>
>>> I suppose it should work, but nothing appears in /var/log/airport  
>>> and
>>> there should be something that it listens for input or not?
>>>
>>> Also I checked netstat -a | grep syslog
>>> udp4       0      0  myhostname.intranet..syslo *.*
>>>
>>> So it looks like it is not listening.
>>>
>>> Anyone any ideas what I'm doing wrong?
>>
>> The Apple AirPort products, both Extreme and Express, do not use the
>> standard syslog UDP port 514. They send it at a higher port. Just  
>> like
>> most Cisco devices do.
>>
>> So to enable logging on a FreeBSD host, you must change your
>> rc.conf(5) syslog_flags line to enable other non-standard syslog
>> ports. Try something like this:
>>
>> syslogd_flags="-b myhostname.intranet -a *.intranet:*"
>>
>> Since you're using names instead of IP addresses in your
>> configuration, make sure your DNS resolves both A and PTR records for
>> the AirPort.
>
> Thnx for the tip. Found out that it was not the airport UDP port.  
> It is
> some misconfiguration in my DNS, but still don't get why it doesn't  
> work
> as expected. For some reason my DNS-name is snipped just before the  
> TLD.
>
> Oh btw i changed some configs
>
> I prepended to /etc/syslog.conf the next and deleted what I wrote  
> above
> # Log remote Airport Express
> +airport.intranet.mydomain.org
> *.*             /var/log/airport.log
> +*
> !*
>
> And in rc.conf I changed the above to:
> syslogd_enable="YES"
> syslogd_flags="-b myhostname.intranet.mydomain.org -a  
> airport.intranet.mydomain.org"
>
> So what comes in on syslogd looks like "airport.intranet.mydomain"  
> so no
> .org or something. I really don't get where that comes from. But now
> syslogd rejects because of "name mismatch".
>
> I suppose something is wrong with either my DNS or my DHCP (appending
> the domainname??), but at dhcpd I have the option "domain-name" set to
> "intranet.mydomain.org". So still don't get whats going wrong.
>
> My dns gives a the right IP and reverse gives right name.
> dig airport.intranet.mydomain.org --> 10.0.10.30
> dig -x 10.0.10.30 --> airport.intranet.mydomain.org

Found out some more ... it has to do with the line in rc.conf
when I change that to:

syslogd_flags="-b myhostname.intranet.mydomain.org -a  
airport.intranet.mydomain"

than it works, but still I don't understand why, for if I dig this  
name I get nothing.

greets
--
Guido