Date: Fri, 29 Jun 2001 09:10:46 -0700
From: Drew Tomlinson <drewt@writeme.com>
To: cjclark@alum.mit.edu
Cc: questions@FreeBSD.ORG
Subject: RE: How To Receive Syslog Messages From Another Device?
Message-ID: <5CD46247635BD511B6B100A0CC3F0239259FDB@ldcmsx01.lc.ca.gov>
In-Reply-To: <20010629011526.A375@blossom.cjclark.org>
Thank you very much!  I'll try this stuff this weekend if I get some free time.

Thanks,

Drew

> -----Original Message-----
> From: Crist J. Clark [mailto:cristjc@earthlink.net]
> Sent: Friday, June 29, 2001 1:15 AM
> To: Mike Meyer
> Cc: Drew Tomlinson; questions@FreeBSD.ORG
> Subject: Re: How To Receive Syslog Messages From Another Device?
>
>
> On Thu, Jun 28, 2001 at 11:24:32PM -0500, Mike Meyer wrote:
> > Drew Tomlinson <drewt@writeme.com> types:
> > > > From: Mike Meyer [mailto:mwm@mired.org]
> > > > Drew Tomlinson <drewt@writeme.com> types:
> > > > > I have a 3Com ADSL router for my home network.  I have found that it
> > > > > (according to the docs) has the capability to send log
> > > > messages to syslogd
> > > > Hmm - it works fine for me, without the ":*" as I'm going from FBSD to
> > > > FBSD. You do need to make sure that syslogd is started without "-s",
> > > > as that causes it to ignore the -a. If syslog is sending packets
> > > > from the syslog udp port, you might try dropping the ":*".
> > > Thanks for your response.  I'm still a newbie but learning. :)  I recall
> > > when I setup ntpd that to get log messages, I had to put an entry in
> > > syslog.conf that was something along the lines of:
> > > ntp.info /var/log/ntp.log
> > > Where ntp is the "name" (for lack of a better word) of the program sending
> > > the message and info is the level at which to log.  The file spec is the
> > > file to log to.
> >
> > According to the documentation, that's "the selector field which
> > specifies the types of messages and priorities".
>
> In the example above, "ntp" is the FACILITY, "info" is the LEVEL, the
> combination of "ntp.info" is the SELECTOR, and "/var/log/ntp.log" is
> the ACTION.
>
> > The program name can
> > be selected for with the "!progname" construct.
>
> Correct. This is not used in the example.
>
> > As far as I can tell,
> > there isn't any way to select on hostname.
>
> Uh, read syslog.conf(5) again,
>
>      A hostname specification of the form `#+hostname' or
>      `+hostname' and the following blocks will be applied to messages received
>      from the specified hostname.  Alternatively, a hostname specification
>      `#-hostname' or `-hostname' causes the following blocks to be applied to
>      messages from any host but the one specified.  If the hostname is given
>      as `@', the local hostname will be used.  A program or hostname
>      specification may be reset by giving the program or hostname as `*'.
>
> > > So I assume I need the "name" of the messages coming from my router and add
> > > a similar line to syslog.conf.  Would this be correct?  I've called 3Com to
> > > get this "name" and all they could do was point me to some freeware syslog
> > > daemons for Windows.
>
> Put an entry like,
>
>   +router.hostname
>   *.*                                    /var/log/router.log
>
> In your syslog.conf. Run syslogd like,
>
>   # syslogd -vv -a router.hostname
>
> To see what facility it is using (probably one of the local[0-7]
> ones). After you see what it is up to, do some fine tuning.
>
> > > > If nothing else works, enable a firewall on the destination box set to
> > > > log everything, and see what's getting sent to it.
> > > So if I do this, will I see the "name" I need above?  What is some good "how
> > > to's" for doing this?  I assume there's something in the handbook.  Anywhere
> > > else you'd recommend I look?
>
> A better idea is to turn on tcpdump(8) to catch the packets,
>
>   # tcpdump -s1500 -nvv 'udp && port 514'
>
> I forget at what level of detail tcpdump(8) prints them. If you don't
> see the facility, level, and message, do,
>
>   # tcpdump -s1500 -nvvX 'udp && port 514'
>
> And read the packets on your own.
> --
> Crist J. Clark                                cjclark@alum.mit.edu
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
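Crist's advice ends with reading the `tcpdump -X` packets yourself to find the facility and level. The following is an added example, not code from the thread: it rebuilds the IPv4 packet from the hex columns of a constructed `tcpdump -X` dump, strips the IP and UDP headers, decodes the BSD syslog `<PRI>` into the `facility.level` selector, and emits a syslog.conf host block narrowed to that facility. It assumes FreeBSD's facility numbering from `<sys/syslog.h>` (facility 15 has no name there) and that the dump starts at the IP header, which is what `tcpdump -X` prints.

```python
import re

# Facility/severity names as syslog.conf(5) selectors spell them (FreeBSD <sys/syslog.h> numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron",
              "authpriv", "ftp", "ntp", "security", "console", "unused15", "local0", "local1",
              "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
HEX_RE = re.compile(r"^\s*0x[0-9a-fA-F]+:\s+((?:[0-9a-fA-F]{2,4}\s?)+)")

def packet_from_tcpdump(lines):
    """Rebuild the IPv4 packet from the hex columns of 'tcpdump -X' output (ASCII column ignored)."""
    hexes = [m.group(1) for m in map(HEX_RE.match, lines) if m]
    raw = bytes.fromhex("".join(hexes).replace(" ", ""))
    # Truncate to the IP total-length field so stray ASCII-column text can never leak into the data.
    return raw[: int.from_bytes(raw[2:4], "big")]

def udp_payload(packet):
    """Strip the IPv4 header (honouring IHL, so IP options are skipped) and the 8-byte UDP header."""
    if packet[9] != 17:                       # protocol field must say UDP
        raise ValueError("not a UDP packet")
    ihl = (packet[0] & 0x0F) * 4
    return packet[ihl + 8:]

def decode_pri(payload):
    """Return (facility, severity, selector, text); a missing or out-of-range PRI is read as <13>."""
    m = PRI_RE.match(payload)
    if m and int(m.group(1)) <= 191:          # 23*8+7 is the largest legal PRI
        pri, text = int(m.group(1)), payload[m.end():]
    else:
        pri, text = 13, payload               # RFC 3164 default: user.notice
    facility, severity = FACILITIES[pri >> 3], SEVERITIES[pri & 7]
    return facility, severity, f"{facility}.{severity}", text.decode("ascii", "replace")

def suggest_conf(hostname, facility, logfile):
    """Host block as in the thread, narrowed to the facility seen; '+*' resets the host selection."""
    return f"+{hostname}\n{facility}.*\t{logfile}\n+*\n"

# Constructed sample: one datagram 192.168.1.1 -> 192.168.1.10, port 514, checksums left at zero.
SAMPLE = """\
\t0x0000:  4500 0043 0001 0000 4011 0000 c0a8 0101  E..C....@.......
\t0x0010:  c0a8 010a 0202 0202 002f 0000 3c31 3334  ........./..<134
\t0x0020:  3e4a 756e 2032 3920 3031 3a31 353a 3236  >Jun.29.01:15:26
\t0x0030:  2067 7720 7070 705b 355d 3a20 6c69 6e6b  .gw.ppp[5]:.link
\t0x0040:  2075 70                                  .up""".splitlines()

if __name__ == "__main__":
    fac, sev, selector, text = decode_pri(udp_payload(packet_from_tcpdump(SAMPLE)))
    print(selector, "|", text)
    print(suggest_conf("router.hostname", fac, "/var/log/router.log"))
```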