Date: Fri, 27 Aug 1999 19:26:10 -0700
From: The Mad Scientist <madscientist@thegrid.net>
To: freebsd-questions@freebsd.org
Subject: syslogd not logging to remote host
Message-ID: <4.1.19990827190547.009484c0@mail.thegrid.net>

Hello all,
I've got two machines. One of them I'd like to use as a loghost. Things
were working great a while ago. I moved my loghost to a new machine with a
new name, changed the name in /etc/syslog.conf on the other machine and
re-started. Weeeeelll, now it don't work. Here's some data:
Both machines are
wormhole:/home/root# uname -a
FreeBSD wormhole 3.2-RELEASE FreeBSD 3.2-RELEASE #2: Fri Aug 20 19:54:03
GMT 1999 root@watchtower.example.org:/usr/src/sys/compile/WORMHOLE i386
On the host that will be sending the logs: wormhole
wormhole:/home/root# syslogd -d -ss
off & running....
init
cfline("*.err;kern.*;auth.*;authpriv.none;mail.crit /var/log/messages", f, "*")
cfline("auth.*;authpriv.none @watchtower", f, "*")
cfline("authpriv.* @watchtower", f, "*")
cfline("authpriv.* root", f, "*")
cfline("mail.* @watchtower", f, "*")
cfline("cron.* @watchtower", f, "*")
cfline("ftp.* @watchtower", f, "*")
cfline("ftp.<=notice /var/log/conslog", f, "*")
cfline("syslog.* @watchtower", f, "*")
cfline("syslog.* /var/log/syslog", f, "*")
cfline("kern.* @watchtower", f, "*")
cfline("news,lpr,uucp,ntp.* @watchtower", f, "*")
cfline("daemon.* @watchtower", f, "*")
cfline("user.* @watchtower", f, "*")
cfline("*.emerg *", f, "*")
cfline("*.emerg @watchtower", f, "*")
cfline("*.* @watchtower", f, "inetd")
cfline("*.* @watchtower", f, "ipfw")
cfline("*.* /dev/console", f, "ipfw")
cfline("*.* /var/log/conslog", f, "ipfw")
8 3 2 3 8 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X FILE: /var/log/messages
X X X X 8 X X X X X X X X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X X 8 X X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X X 8 X X X X X X X X X X X X X X USERS: root,
X X 8 X X X X X X X X X X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X 8 X X X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X X X 8 X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X X X 5 X X X X X X X X X X X X X FILE: /var/log/conslog
X X X X X 8 X X X X X X X X X X X X X X X X X X X FORW: watchtower
X X X X X 8 X X X X X X X X X X X X X X X X X X X FILE: /var/log/syslog
8 X X X X X X X X X X X X X X X X X X X X X X X X FORW: watchtower
X X X X X X 8 8 8 X X X 8 X X X X X X X X X X X X FORW: watchtower
X X X 8 X X X X X X X X X X X X X X X X X X X X X FORW: watchtower
X 8 X X X X X X X X X X X X X X X X X X X X X X X FORW: watchtower
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X FORW: watchtower
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FORW: watchtower (inetd)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FORW: watchtower (ipfw)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X CONSOLE: /dev/console (ipfw)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/conslog (ipfw)
logmsg: pri 56, flags 4, from wormhole, msg syslogd: restart
Logging to FORW watchtower
Logging to FILE /var/log/syslog
syslogd: restarted
logmsg: pri 6, flags 16, from wormhole, msg ed2: promiscuous mode enabled
Logging to FILE /var/log/messages
Logging to FORW watchtower
This says to me that syslog IS trying to send to the loghost (watchtower).

Here's watchtower:
watchtower:/var/log# syslogd -d -a 10.0.1.254/24 (<-- this IS wormhole's IP)
allowaddr: rule 0: numeric, addr = 10.0.1.254, mask = 255.255.255.0; port = 514
off & running....
init
cfline("*.err;kern.*;auth.*;authpriv.none;mail.crit /dev/console", f, "*")
cfline("*.err;kern.*;auth.*;authpriv.none;mail.crit /var/log/conslog", f, "*")
cfline("*.<=warning /var/log/messages", f, "*")
cfline("auth.*;authpriv.none /var/log/auth", f, "*")
cfline("authpriv.* /var/log/secure", f, "*")
cfline("mail.* /var/log/mail", f, "*")
cfline("cron.* /var/log/cron", f, "*")
cfline("ftp.* /var/log/ftp", f, "*")
cfline("ftp.<=notice /dev/console", f, "*")
cfline("ftp.<=notice /var/log/conslog", f, "*")
cfline("syslog.* /var/log/syslog", f, "*")
cfline("kern.* /var/log/kernel", f, "*")
cfline("news,lpr,uucp,ntp.* /var/log/unused", f, "*")
cfline("daemon.* /var/log/daemon", f, "*")
cfline("user.* /var/log/user", f, "*")
cfline("*.emerg *", f, "*")
cfline("*.* /var/log/inetd", f, "inetd")
8 3 2 3 8 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
8 3 2 3 8 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X FILE: /var/log/conslog
4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 X FILE: /var/log/messages
X X X X 8 X X X X X X X X X X X X X X X X X X X X FILE: /var/log/auth
X X X X X X X X X X 8 X X X X X X X X X X X X X X FILE: /var/log/secure
X X 8 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/mail
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
X X X X X X X X X X X 8 X X X X X X X X X X X X X FILE: /var/log/ftp
X X X X X X X X X X X 5 X X X X X X X X X X X X X CONSOLE: /dev/console
X X X X X X X X X X X 5 X X X X X X X X X X X X X FILE: /var/log/conslog
X X X X X 8 X X X X X X X X X X X X X X X X X X X FILE: /var/log/syslog
8 X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/kernel
X X X X X X 8 8 8 X X X 8 X X X X X X X X X X X X FILE: /var/log/unused
X X X 8 X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/daemon
X 8 X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/user
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/inetd (inetd)
logmsg: pri 56, flags 4, from watchtower, msg syslogd: restart
Logging to FILE /var/log/messages
Logging to FILE /var/log/syslog
syslogd: restarted
No dice. Snooping at the same time
wormhole:/home/root# tcpdump udp
tcpdump: listening on ed0
^c
wormhole:/home/root# cat /etc/syslog.conf
# $Id: syslog.conf,v 1.9 1998/10/14 21:59:55 nate Exp $
#
# Spaces are NOT valid field separators in this file.
# Consult the syslog.conf(5) manpage.
*.err;kern.*;auth.*;authpriv.none;mail.crit /var/log/messages
#*.err;kern.*;auth.*;authpriv.none;mail.crit @watchtower
#*.<=warning @watchtower
auth.*;authpriv.none @watchtower
authpriv.* @watchtower
authpriv.* root
mail.* @watchtower
cron.* @watchtower
ftp.* @watchtower
#ftp.<=notice /dev/console
ftp.<=notice /var/log/conslog
syslog.* @watchtower
syslog.* /var/log/syslog
kern.* @watchtower
news,lpr,uucp,ntp.* @watchtower
daemon.* @watchtower
user.* @watchtower
*.emerg *
*.emerg @watchtower
!inetd
*.* @watchtower
!ipfw
*.* @watchtower
*.* /dev/console
*.* /var/log/conslog
I don't get it.
Thanks for your help.
Dean
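
[Added example, not part of the original message.] A small parser for the `syslogd -d` trace quoted above: it decodes each `logmsg: pri` value, which syslogd prints in octal, into facility.severity and lists the destinations chosen for it, so the trace can be checked against syslog.conf. `peer_allowed` is a hypothetical helper modelling the receiver's `allowaddr` rule line (address within mask, source port equal to the rule's port) as described in syslogd(8); the sample trace is copied from the wormhole output in the post.

```python
import ipaddress
import re

# Index = facility number; order matches the columns of the debug matrix above.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: lines copied from the wormhole trace in the post.
TRACE = """\
logmsg: pri 56, flags 4, from wormhole, msg syslogd: restart
Logging to FORW watchtower
Logging to FILE /var/log/syslog
syslogd: restarted
logmsg: pri 6, flags 16, from wormhole, msg ed2: promiscuous mode enabled
Logging to FILE /var/log/messages
Logging to FORW watchtower
"""

LOGMSG = re.compile(r"logmsg: pri ([0-7]+), flags \w+, from (\S+), msg (.*)")
TARGET = re.compile(r"Logging to (\w+) (\S+)")

def decode_pri(octal_text):
    """syslogd -d prints pri in octal; pri = facility * 8 + severity."""
    pri = int(octal_text, 8)
    fac = pri >> 3
    name = FACILITIES[fac] if fac < len(FACILITIES) else "facility%d" % fac
    return "%s.%s" % (name, SEVERITIES[pri & 7])

def parse_trace(text):
    """Return one dict per logmsg line with the destinations syslogd chose."""
    events = []
    for line in text.splitlines():
        m = LOGMSG.match(line)
        if m:
            events.append({"selector": decode_pri(m.group(1)), "host": m.group(2),
                           "msg": m.group(3), "targets": []})
            continue
        m = TARGET.match(line)
        if m and events:
            events[-1]["targets"].append((m.group(1), m.group(2)))
    return events

def peer_allowed(rule, src_ip, src_port, rule_port=514):
    """Assumed -a semantics: source inside addr/mask AND source port == rule port."""
    net = ipaddress.ip_network(rule, strict=False)
    return ipaddress.ip_address(src_ip) in net and src_port == rule_port
```

Run over the sample, `pri 56` decodes to syslog.info and `pri 6` to kern.info, which matches the `syslog.*` and `kern.*` destinations the trace reports for them.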
