Date: Sun, 15 Apr 2007 15:25:30 -0400
From: web@3dresearch.com
To: Bill Moran <wmoran@potentialtech.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Syslog not logging remote host
Message-ID: <6.2.1.2.0.20070415151732.0756de30@imap.telissant.com>
In-Reply-To: <20070413204810.7f79d9fe.wmoran@potentialtech.com>
References: <f3FBuLwP.1176475224.6331340.janos@imap.3dresearch.com> <20070413204810.7f79d9fe.wmoran@potentialtech.com>

At 08:48 PM 4/13/2007, you wrote:
>"Janos Dohanics" <web@3dresearch.com> wrote:
> >
> > I'm trying to capture logs from m0n0wall, but the log file is empty.
> >
> > Here is my configuration:
> >
> > On the logging machine, in /etc/rc.conf:
> >
> > syslogd_flags="-a 10.61.70.1"
> >
> > In /etc/syslog.conf:
> >
> > +10.61.70.1
> > *.* /var/log/m0n0wall.log
> >
> > /var/log/m0n0wall.log exists and is writable:
> >
> > -rw-rw-r-- 1 root network 0 Apr 13 00:32 /var/log/m0n0wall.log
> >
> > The m0n0wall is configured to send logs to 10.61.70.100, which is the
> > logging machine.
> >
> > What am I missing?
>
>Start with tcpdump on the receiving machine:
>tcpdump 'port 514'
>to see if you're even receiving messages from the monowall machine.
>
>If not, then double-check your config on the monowall machine. If so,
>check the receiving machine.
>
>Did you restart syslogd on both systems after making config changes?

My apologies to everyone trying to help me for wasting their time -
10.61.70.100 is happily logging what 10.61.70.1 is sending. 10.61.70.1 is
being logged to /var/log/messages (it finally occurred to me to check that).

What I'm wondering now is why 10.61.70.1 is not being logged in
/var/log/m0n0wall.log.

Here is my /etc/syslog.conf:

*.err;kern.warning;auth.notice;mail.crit                        /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                                      /var/log/security
auth.info;authpriv.info                                         /var/log/auth.log
mail.info                                                       /var/log/maillog
lpr.info                                                        /var/log/lpd-errs
ftp.info                                                        /var/log/xferlog
cron.*                                                          /var/log/cron
*.=debug                                                        /var/log/debug.log
*.emerg                                                         *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info                                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.*                                                            /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                                            @loghost
# uncomment these if you're running inn
# news.crit                                                     /var/log/news/news.crit
# news.err                                                      /var/log/news/news.err
# news.notice                                                   /var/log/news/news.notice
!startslip
*.*                                                             /var/log/slip.log
!ppp
*.*                                                             /var/log/ppp.log
+10.61.70.1
*.*                                                             /var/log/m0n0wall.log

-- 
Janos Dohanics
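
Added example, not part of the original message: a simplified model of the block scoping described in FreeBSD's syslog.conf(5), run over an excerpt of the configuration posted above to show which program and host filters are in effect for each rule. The function names are hypothetical, and the model assumes program ("!") and host ("+"/"-") specifications are tracked independently until changed or reset with "*".

```python
# Added example: simplified model of syslog.conf(5) block scoping on FreeBSD.
# Assumption: program ("!") and host ("+"/"-") specifications are tracked
# independently and each stays in effect until changed or reset with "*".

# Excerpt of the configuration posted above (whitespace collapsed).
POSTED_CONF = """\
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
#*.* @loghost
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log
+10.61.70.1
*.* /var/log/m0n0wall.log
"""


def effective_scopes(conf_text):
    """Return (program, host, selector, action) for every active rule line."""
    program, host = "*", "*"  # nothing is filtered at the top of the file
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line[:2] in ("#!", "#+", "#-"):
            line = line[1:]  # "#!prog" / "#+host" are specifications too
        if not line or line.startswith("#"):
            continue  # blank line or ordinary comment
        if line.startswith("!"):
            program = line[1:].strip()  # "!*" resets the program filter
        elif line[0] in "+-":
            host = "*" if line[1:].strip() == "*" else line
        else:
            parts = line.split(None, 1)
            if len(parts) == 2:  # selector followed by an action
                rules.append((program, host, parts[0], parts[1].strip()))
    return rules


def doubly_scoped(rules):
    """Host-scoped rules that are also still limited to one program."""
    return [r for r in rules if r[0] != "*" and r[1] != "*"]


if __name__ == "__main__":
    for program, host, selector, action in effective_scopes(POSTED_CONF):
        print(f"program={program:<10} host={host:<12} {selector} -> {action}")
    print("doubly scoped:", doubly_scoped(effective_scopes(POSTED_CONF)))
```

Under this model the /var/log/m0n0wall.log rule is scoped to program ppp as well as host 10.61.70.1, while the /var/log/messages rule is unscoped; a `!*` line before `+10.61.70.1` resets the program filter.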