Date: Thu, 22 Mar 2007 23:19:41 +0100 From: Guido Demmenie <rottweilertje@rottnic.nl> To: Guido Demmenie <rottweilertje@rottnic.nl> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: remote logging with syslogd Message-ID: <F2A23216-6190-486B-A0C2-1F2765640651@rottnic.nl> In-Reply-To: <E003A2D3-BD3F-4086-8D21-60342EA443B8@rottnic.nl> References: <226ae0c60703220745x6764d58du4798c3e25d65d5cd@mail.gmail.com> <E003A2D3-BD3F-4086-8D21-60342EA443B8@rottnic.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 22, 2007, at 10:44 PM, Guido Demmenie wrote: > > On Mar 22, 2007, at 3:45 PM, David Robillard wrote: > >>> Hello, >>> >>> I'm trying to put up a remote logging server. I want to let my >>> Airport Express send its logs to my FreeBSD server. >>> >>> So I said to my Airport to send its logs to the internal ip of my >>> server, I suppose it works because that's what Apple hardware does. >>> Now I did the following things on my bsdbox: >>> >>> >>> I appended to syslog.conf: >>> >>> # Log remote Airport Express >>> +airport >>> *.* /var/log/airport.log >>> !* >>> >>> I touched /var/log/airport.log and it has rw-r----- root:wheel >>> rights >>> >>> And to rc.conf I added: >>> >>> syslogd_enable="YES" >>> syslogd_flags="-b myhostname.intranet -a *.intranet" >>> >>> I restarted syslogd via: >>> # /etc/rc.d/syslogd restart >>> >>> I suppose it should work, but nothing appears in /var/log/airport >>> and >>> there should be something that it listens for input or not? >>> >>> Also I checked netstat -a | grep syslog >>> udp4 0 0 myhostname.intranet..syslo *.* >>> >>> So it looks like it is not listening. >>> >>> Anyone any ideas what I'm doing wrong? >> >> The Apple AirPort products, both Extreme and Express, do not use the >> standard syslog UDP port 514. They send it at a higher port. Just >> like >> most Cisco devices do. >> >> So to enable logging on a FreeBSD host, you must change your >> rc.conf(5) syslog_flags line to enable other non-standard syslog >> ports. Try something like this: >> >> syslogd_flags="-b myhostname.intranet -a *.intranet:*" >> >> Since you're using names instead of IP addresses in your >> configuration, make sure your DNS resolves both A and PTR records for >> the AirPort. > > Thnx for the tip. Found out that it was not the airport UDP port. > It is > some misconfiguration in my DNS, but still don't get why it doesn't > work > as expected. For some reason my DNS-name is snipped just before the > TLD. > > Oh btw i changed some configs > > I prepended to /etc/syslog.conf the next and deleted what I wrote > above > # Log remote Airport Express > +airport.intranet.mydomain.org > *.* /var/log/airport.log > +* > !* > > And in rc.conf I changed the above to: > syslogd_enable="YES" > syslogd_flags="-b myhostname.intranet.mydomain.org -a > airport.intranet.mydomain.org" > > So what comes in on syslogd looks like "airport.intranet.mydomain" > so no > .org or something. I really don't get where that comes from. But now > syslogd rejects because of "name mismatch". > > I suppose something is wrong with either my DNS or my DHCP (appending > the domainname??), but at dhcpd I have the option "domain-name" set to > "intranet.mydomain.org". So still don't get whats going wrong. > > My dns gives a the right IP and reverse gives right name. > dig airport.intranet.mydomain.org --> 10.0.10.30 > dig -x 10.0.10.30 --> airport.intranet.mydomain.org Found out some more ... it has to do with the line in rc.conf when I change that to: syslogd_flags="-b myhostname.intranet.mydomain.org -a airport.intranet.mydomain" than it works, but still I don't understand why, for if I dig this name I get nothing. greets -- Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F2A23216-6190-486B-A0C2-1F2765640651>