Date:      Sat, 13 Aug 2005 22:28:31 -0500
From:      "Steve D." <steve@northcc.net>
To:        Aaron Peterson <dopplecoder@gmail.com>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: remote syslogging
Message-ID:  <42FEBA5F.10201@northcc.net>
In-Reply-To: <45d750d2050812131558f6c584@mail.gmail.com>
References:  <45d750d2050812131558f6c584@mail.gmail.com>

Try:

+chsfirewall1
local6.notice                   /var/log/firewall/chsfirewall1.log
+*

+chsfirewall2
local6.notice                   /var/log/firewall/chsfirewall2.log
+*


If that doesn't work try running syslog in debug:

kill -9 `cat /var/run/syslog.pid`

syslogd -d -v -a 172.24.169.44/32:* -a 172.24.169.46/32:*




Aaron Peterson wrote:

>in /etc/rc.conf:
>
>syslogd_enable="YES"
>syslogd_flags="-a 172.24.169.44/32:* -a 172.24.169.46/32:*"
>
>---------------------------------------
>
>in syslog.conf:
>
>!*
>+chsfirewall1
>local6.notice                   /var/log/firewall/chsfirewall1.log
>
>+chsfirewall2
>local6.notice                   /var/log/firewall/chsfirewall2.log
>
>------------------------------------
>
>$ ls -l /var/log/firewall
>
>total 0
>-rw-------  1 root  wheel  0 Aug 12 15:23 chsfirewall1.log
>-rw-------  1 root  wheel  0 Aug 12 15:33 chsfirewall2.log
>
>-------------------------------------
>
>in /etc/hosts
>
>172.24.169.44   chsfirewall1
>172.24.169.46   chsfirewall2
>
>-------------------------------------
>
>$ tcpdump -i fxp0 -w firewall.bin udp and dst port 514
>
>15:58:57.151625 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.151763 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.151889 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 147
>15:58:57.152014 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 147
>15:58:57.152141 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.166549 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.166688 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 152
>15:58:57.166817 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.166965 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.167194 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 148
>15:58:59.086044 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
>15:58:59.086179 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
>15:58:59.086306 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
>15:58:59.109459 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 149
>
>ethereal output for the same traffic:
>
>Frame 2226 (191 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.44 (172.24.169.44), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE:  13445 08/12/2005 16:09:20 t...
>
>No.     Time        Source                Destination           Protocol Info
>   2227 0.922397    172.24.169.44         172.26.35.21          Syslog
>  LOCAL6.NOTICE:  13445 08/12/2005 16:09:20 t...
>
>Frame 2227 (190 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.44 (172.24.169.44), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE:  13445 08/12/2005 16:09:20 t...
>
>No.     Time        Source                Destination           Protocol Info
>   2228 2.841247    172.24.169.46         172.26.35.21          Syslog
>  LOCAL6.NOTICE:  6129 08/12/2005 16:05:34 tE...
>
>Frame 2228 (190 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE:  6129 08/12/2005 16:05:34 tE...
>
>No.     Time        Source                Destination           Protocol Info
>   2229 2.841382    172.24.169.46         172.26.35.21          Syslog
>  LOCAL6.NOTICE:  6129 08/12/2005 16:05:42 tE...
>
>Frame 2229 (190 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE:  6129 08/12/2005 16:05:42 tE...
>
>No.     Time        Source                Destination           Protocol Info
>   2230 2.841509    172.24.169.46         172.26.35.21          Syslog
>  LOCAL6.NOTICE:  6129 08/12/2005 16:05:47 tE...
>
>Frame 2230 (190 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE:  6129 08/12/2005 16:05:47 tE...
>
>No.     Time        Source                Destination           Protocol Info
>   2231 2.864662    172.24.169.46         172.26.35.21          Syslog
>  LOCAL6.NOTICE:  6129 08/12/2005 16:05:48 tE...
>
>Frame 2231 (191 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE:  6129 08/12/2005 16:05:48 tE...
>
>...
>
>Nothing in /var/log/firewall/chsfirewall1.log or chsfirewall2.log
>
>I must be missing something...
>
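
How the host blocks suggested in the reply select a log file, as an added example that is not part of the original thread and is not syslogd's own code: a simplified Python model of syslog.conf host (+name, -name, +*) and program (!name) specifications with single facility.level selectors. parse() and route() are hypothetical helpers, and the sender names passed to route() are constructed sample input.

```python
# Simplified model of syslog.conf block selection (added illustration, not syslogd code).
# Handles +host / -host / +* and !prog / !* lines and single facility.level selectors.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The configuration suggested in the reply.
CONF = """\
+chsfirewall1
local6.notice                   /var/log/firewall/chsfirewall1.log
+*

+chsfirewall2
local6.notice                   /var/log/firewall/chsfirewall2.log
+*
"""

def parse(conf):
    """Return (host_spec, prog_spec, facility, level, action) for each rule line."""
    host, prog, rules = "*", "*", []
    for raw in conf.splitlines():
        line = raw.strip()
        if line[:2] in ("#+", "#-", "#!"):      # alternate spelling of a spec line
            line = line[1:]
        if not line or line.startswith("#"):    # blank line or comment
            continue
        if line[0] in "+-":                     # host spec: applies to following rules
            host = "*" if line[1:] == "*" else line
        elif line[0] == "!":                    # program spec
            prog = line[1:]
        else:
            selector, action = line.split(None, 1)
            facility, level = selector.split(".")
            rules.append((host, prog, facility, level, action))
    return rules

def route(rules, sender, facility, level, program=""):
    """Return the actions a message reaches; `sender` is the name the daemon assigned."""
    hits = []
    for host, prog, fac, lvl, action in rules:
        # +name must equal the sender, -name must differ (exact match in this model)
        if host != "*" and (sender == host[1:]) != (host[0] == "+"):
            continue
        if prog not in ("*", program) or fac not in ("*", facility):
            continue
        # facility.level selects that level and anything more severe
        if lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl):
            hits.append(action)
    return hits

RULES = parse(CONF)  # two rules, one per firewall
```

In this model a message labelled with the address 172.24.169.44 instead of the name chsfirewall1 matches neither block, and a local6.info message is below the notice threshold, so both leave the log files empty.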


