From: The Mad Scientist
To: freebsd-questions@freebsd.org
Date: Fri, 27 Aug 1999 19:26:10 -0700
Subject: syslogd not logging to remote host

Hello all,

I've got two machines. One of them I'd like to use as a loghost. Things were working great a while ago. I moved my loghost to a new machine with a new name, changed the name in /etc/syslog.conf on the other machine and re-started. Weeeeelll, now it don't work. Here's some data:

Both machines are

wormhole:/home/root# uname -a
FreeBSD wormhole 3.2-RELEASE FreeBSD 3.2-RELEASE #2: Fri Aug 20 19:54:03 GMT 1999 root@watchtower.example.org:/usr/src/sys/compile/WORMHOLE i386

On the host that will be sending the logs: wormhole

wormhole:/home/root# syslogd -d -ss
off & running....
init
cfline("*.err;kern.*;auth.*;authpriv.none;mail.crit /var/log/messages", f, "*")
cfline("auth.*;authpriv.none @watchtower", f, "*")
cfline("authpriv.* @watchtower", f, "*")
cfline("authpriv.* root", f, "*")
cfline("mail.* @watchtower", f, "*")
cfline("cron.* @watchtower", f, "*")
cfline("ftp.* @watchtower", f, "*")
cfline("ftp.<=notice /var/log/conslog", f, "*")
cfline("syslog.* @watchtower", f, "*")
cfline("syslog.* /var/log/syslog", f, "*")
cfline("kern.* @watchtower", f, "*")
cfline("news,lpr,uucp,ntp.* @watchtower", f, "*")
cfline("daemon.* @watchtower", f, "*")
cfline("user.* @watchtower", f, "*")
cfline("*.emerg *", f, "*")
cfline("*.emerg @watchtower", f, "*")
cfline("*.* @watchtower", f, "inetd")
cfline("*.* @watchtower", f, "ipfw")
cfline("*.* /dev/console", f, "ipfw")
cfline("*.* /var/log/conslog", f, "ipfw")
8 3 2 3 8 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X FILE: /var/log/messages
X X X X 8 X X X X X X X X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X X 8 X X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X X 8 X X X X X X X X X X X X X X USERS: root,
X X 8 X X X X X X X X X X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X 8 X X X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X X X 8 X X X X X X X X X X X X X FORW: watchtower
X X X X X X X X X X X 5 X X X X X X X X X X X X X FILE: /var/log/conslog
X X X X X 8 X X X X X X X X X X X X X X X X X X X FORW: watchtower
X X X X X 8 X X X X X X X X X X X X X X X X X X X FILE: /var/log/syslog
8 X X X X X X X X X X X X X X X X X X X X X X X X FORW: watchtower
X X X X X X 8 8 8 X X X 8 X X X X X X X X X X X X FORW: watchtower
X X X 8 X X X X X X X X X X X X X X X X X X X X X FORW: watchtower
X 8 X X X X X X X X X X X X X X X X X X X X X X X FORW: watchtower
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X FORW: watchtower
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FORW: watchtower (inetd)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FORW: watchtower (ipfw)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X CONSOLE: /dev/console (ipfw)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/conslog (ipfw)
logmsg: pri 56, flags 4, from wormhole, msg syslogd: restart
Logging to FORW watchtower
Logging to FILE /var/log/syslog
syslogd: restarted
logmsg: pri 6, flags 16, from wormhole, msg ed2: promiscuous mode enabled
Logging to FILE /var/log/messages
Logging to FORW watchtower

This says to me that syslog IS trying to send to the loghost (watchtower)

Here's watchtower:

watchtower:/var/log# syslogd -d -a 10.0.1.254/24 (<-- this IS wormhole's IP)
allowaddr: rule 0: numeric, addr = 10.0.1.254, mask = 255.255.255.0; port = 514
off & running....
init
cfline("*.err;kern.*;auth.*;authpriv.none;mail.crit /dev/console", f, "*")
cfline("*.err;kern.*;auth.*;authpriv.none;mail.crit /var/log/conslog", f, "*")
cfline("*.<=warning /var/log/messages", f, "*")
cfline("auth.*;authpriv.none /var/log/auth", f, "*")
cfline("authpriv.* /var/log/secure", f, "*")
cfline("mail.* /var/log/mail", f, "*")
cfline("cron.* /var/log/cron", f, "*")
cfline("ftp.* /var/log/ftp", f, "*")
cfline("ftp.<=notice /dev/console", f, "*")
cfline("ftp.<=notice /var/log/conslog", f, "*")
cfline("syslog.* /var/log/syslog", f, "*")
cfline("kern.* /var/log/kernel", f, "*")
cfline("news,lpr,uucp,ntp.* /var/log/unused", f, "*")
cfline("daemon.* /var/log/daemon", f, "*")
cfline("user.* /var/log/user", f, "*")
cfline("*.emerg *", f, "*")
cfline("*.* /var/log/inetd", f, "inetd")
8 3 2 3 8 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
8 3 2 3 8 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X FILE: /var/log/conslog
4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 X FILE: /var/log/messages
X X X X 8 X X X X X X X X X X X X X X X X X X X X FILE: /var/log/auth
X X X X X X X X X X 8 X X X X X X X X X X X X X X FILE: /var/log/secure
X X 8 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/mail
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
X X X X X X X X X X X 8 X X X X X X X X X X X X X FILE: /var/log/ftp
X X X X X X X X X X X 5 X X X X X X X X X X X X X CONSOLE: /dev/console
X X X X X X X X X X X 5 X X X X X X X X X X X X X FILE: /var/log/conslog
X X X X X 8 X X X X X X X X X X X X X X X X X X X FILE: /var/log/syslog
8 X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/kernel
X X X X X X 8 8 8 X X X 8 X X X X X X X X X X X X FILE: /var/log/unused
X X X 8 X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/daemon
X 8 X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/user
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/inetd (inetd)
logmsg: pri 56, flags 4, from watchtower, msg syslogd: restart
Logging to FILE /var/log/messages
Logging to FILE /var/log/syslog
syslogd: restarted

No dice. Snooping at the same time

wormhole:/home/root# tcpdump udp
tcpdump: listening on ed0
^c

wormhole:/home/root# cat /etc/syslog.conf
# $Id: syslog.conf,v 1.9 1998/10/14 21:59:55 nate Exp $
#
#	Spaces are NOT valid field separators in this file.
#	Consult the syslog.conf(5) manpage.
*.err;kern.*;auth.*;authpriv.none;mail.crit	/var/log/messages
#*.err;kern.*;auth.*;authpriv.none;mail.crit	@watchtower
#*.<=warning	@watchtower
auth.*;authpriv.none	@watchtower
authpriv.*	@watchtower
authpriv.*	root
mail.*	@watchtower
cron.*	@watchtower
ftp.*	@watchtower
#ftp.<=notice	/dev/console
ftp.<=notice	/var/log/conslog
syslog.*	@watchtower
syslog.*	/var/log/syslog
kern.*	@watchtower
news,lpr,uucp,ntp.*	@watchtower
daemon.*	@watchtower
user.*	@watchtower
*.emerg	*
*.emerg	@watchtower
!inetd
*.*	@watchtower
!ipfw
*.*	@watchtower
*.*	/dev/console
*.*	/var/log/conslog

I don't get it. Thanks for your help.

Dean
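
Added example, not part of the original message: a small Python helper that reads the "logmsg:" and "Logging to" lines of a `syslogd -d` trace like the one above, decodes each priority into facility.severity, and lists which messages syslogd says it forwarded, so the result can be compared with a packet capture. It assumes the debug output prints `pri` in octal, which matches the routing shown in the trace (56 octal is syslog.info, 6 is kern.info); the function names are hypothetical.

```python
import re

# Facility codes from <sys/syslog.h>; codes beyond this list print as numbers.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]

LOGMSG = re.compile(r"logmsg: pri ([0-7]+), flags ([0-9a-f]+), "
                    r"from (\S+), msg (.*)")
ACTION = re.compile(r"Logging to (\w+) (\S+)")

def decode_pri(octal_text):
    """Turn the octal 'pri' field into 'facility.severity' (assumed octal)."""
    pri = int(octal_text, 8)
    fac, sev = pri >> 3, pri & 7
    name = FACILITIES[fac] if fac < len(FACILITIES) else "facility%d" % fac
    return "%s.%s" % (name, SEVERITIES[sev])

def trace(debug_output):
    """Group each logmsg line with the actions syslogd reports for it."""
    events = []
    for line in debug_output.splitlines():
        line = line.strip()
        m = LOGMSG.match(line)
        if m:
            events.append({"selector": decode_pri(m.group(1)),
                           "from": m.group(3), "msg": m.group(4),
                           "actions": []})
            continue
        a = ACTION.match(line)
        if a and events:
            events[-1]["actions"].append((a.group(1), a.group(2)))
    return events

def forwarded_to(events, loghost):
    """Selectors of the messages syslogd claims to have sent to loghost."""
    return [e["selector"] for e in events if ("FORW", loghost) in e["actions"]]

# Lines taken from wormhole's debug output in the message, one per line.
SAMPLE = """\
logmsg: pri 56, flags 4, from wormhole, msg syslogd: restart
Logging to FORW watchtower
Logging to FILE /var/log/syslog
syslogd: restarted
logmsg: pri 6, flags 16, from wormhole, msg ed2: promiscuous mode enabled
Logging to FILE /var/log/messages
Logging to FORW watchtower
"""

if __name__ == "__main__":
    for event in trace(SAMPLE):
        print(event["selector"], event["msg"], event["actions"])
```

A message listed by `forwarded_to` with no matching UDP datagram in the capture points at the sending host rather than at the loghost's `-a` rule.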