Date: Fri, 10 Nov 2000 17:56:56 -0600 (CST)
From: Mike Meyer <mwm@mired.org>
To: Daniel Podolsky <daniel.podolsky@twelvehorses.com>
Cc: questions@freebsd.org
Subject: RE: Logging to remote syslogd
Message-ID: <14860.35656.389841.767243@guru.mired.org>
In-Reply-To: <856E94D34FF3D311B5FE00508B6B8BD22A34A9@BlackWidow.twelvehorses.int>
References: <856E94D34FF3D311B5FE00508B6B8BD22A34A9@BlackWidow.twelvehorses.int>

Daniel Podolsky <daniel.podolsky@twelvehorses.com> types:
>
> Dear Mike,
>
> Thank you for your answer.
>
> Especially for you I've run the syslogd with command
> syslogd -d -a 193.120.127.33/32:* >s.t

Well, you shouldn't do it for me, you should send it to
-questions. More eyes mean it's more likely that someone will spot the
problem.

> And this is a s.t
> [begin]
> allowaddr: rule 0: numeric, addr = 193.120.127.33, mask = 255.255.255.255;
> port = 0
> off & running....
> init
> cfline("*.err;kern.debug;auth.notice;mail.crit /dev/console", f,
> "*")
> cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages",
> f, "*")
> cfline("security.* /var/log/security",
> f, "*")
> cfline("mail.info /var/log/maillog",
> f, "*")
> cfline("lpr.info /var/log/lpd-errs",
> f, "*")
> cfline("cron.* /var/log/cron", f,
> "*")
> cfline("*.err root", f, "*")
> cfline("*.notice;news.err root", f, "*")
> cfline("*.alert root", f, "*")
> cfline("*.emerg *", f, "*")
> cfline("*.* /var/log/all.log",
> f, "*")
> cfline("local7.* /var/log/c7200.log",
> f, "*")
> cfline("*.* /var/log/slip.log",
> f, "startslip")
> cfline("*.* /var/log/ppp.log",
> f, "ppp")
> cfline("*.* /var/log/pppd.log",
> f, "pppd")
> cfline("*.* /var/log/ipfw.log",
> f, "ipfw")
> 7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
> 7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
> X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
> X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
> X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
> X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
> 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root,
> 5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
> 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root,
> 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
> 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/all.log
> X X X X X X X X X X X X X X X X X X X X X X X 8 X FILE: /var/log/c7200.log
> 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log
> (startslip)
> 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log
> (ppp)
> 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/pppd.log
> (pppd)
> 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ipfw.log
> (ipfw)
> logmsg: pri 56, flags 4, from lf, msg syslogd: restart
> Logging to FILE /var/log/all.log
> syslogd: restarted
> logmsg: pri 156, flags 16, from lf, msg ipfw: 1100 Accept UDP
> 193.120.127.33:58896 193.120.127.35:514 in via lnc0
> Logging to FILE /var/log/security
> Logging to FILE /var/log/all.log
> Logging to FILE /var/log/ipfw.log
> logmsg: pri 116, flags 0, from lf, msg Nov 10 23:30:00 CRON[2243]: (root)
> CMD (/usr/libexec/atrun)
> Logging to FILE /var/log/cron
> Logging to FILE /var/log/all.log
> syslogd: exiting on signal 2
> syslogd: exiting on signal 2
> logmsg: pri 53, flags 4, from lf, msg syslogd: exiting on signal 2
> Logging to CONSOLE /dev/console
> Logging to FILE /var/log/messages
> Logging to USERS
> Logging to USERS
> Logging to FILE /var/log/all.log
>
> We can see the packet from Cisco, but we can not see the message Cisco's
> message.
>
> Yes, I know, this functionality works. It works for me for Cisco 1005 and
> FreeBSD 3.2. I'm really surprised... It looks like the syslogd does not
> hear the port 514...

Have you got divert rules in your firewall, perhaps? Possibly
something in your syslog.conf will provide a clue. Again, don't send
them to me, send them to -questions. That will give more people a
chance to look at them and possibly spot the problem.

        <mike

> Thank you for your help.
>
> With best regards,
> Daniel Podolsky
>
> >-----Original Message-----
> >From: Mike Meyer [mailto:mwm@mired.org]
> >Sent: Friday, November 10, 2000 9:13 PM
> >To: Daniel Podolsky
> >Cc: questions@freebsd.org
> >Subject: Re: Logging to remote syslogd
> >
> >
> >Daniel Podolsky <daniel.podolsky@twelvehorses.com> types:
> >> Dear All,
> >>
> >> I tried to configure my Cisco for logging to the syslog on my FreeBSD
> >> 4.1.1.
> >> I have configured the Cisco correctly. I can see Cisco's incoming UDP packets
> >> to port 514 in a ipfw log.
> >
> >They are being accepted, not denied, right? Show us the log
> >messages, please?
> >
> >> The syslogd run command is "syslogd -a <Cisco1Address>/32
> >> <Cisco2Address>/32".
> >
> >Can we have the actual command or - hopefully - the variables from
> >rc.conf? In more than one similar case, it's been a simple typo that a
> >fresh pair of eyes will immediately spot. However, we can't do that if
> >you don't give us all the information.
> >
> >> For testing purposes I have added the string "*.* /var/log/all.log" to
> >> the /etc/syslog.conf
> >> However, I can not see Cisco's packets in a all.log. Also, I can not see the
> >> trace of these packets when I run syslogd with "-d".
> >
> >Can you see *anything* in /var/log/all.log?
> >
> >This kind of functionality works - I use it between FreeBSD boxes.
> >
> >        <mike
> >
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
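
An added example, not part of the original thread and not syslogd's own code: a Python model of how a numeric "-a ipaddr/masklen[:service]" argument is matched against a datagram's source address and source port. It assumes the semantics documented in syslogd(8) (the default service is "syslog", and "*" is stored as port 0, as in the "allowaddr ... port = 0" debug line); the function names are hypothetical, and the sample address and ports are the ones in the ipfw log line quoted in the message.

```python
import ipaddress
from typing import List, NamedTuple

SYSLOG_PORT = 514  # UDP port of the "syslog" service


class AllowRule(NamedTuple):
    network: ipaddress.IPv4Network
    port: int  # 0 means "any source port", shown as "port = 0" by syslogd -d


def parse_allowed_peer(spec: str) -> AllowRule:
    """Parse the numeric ipaddr/masklen[:service] form of a -a argument."""
    addr, sep, service = spec.partition(":")
    if not sep:
        port = SYSLOG_PORT   # no service given: sender must use the syslog port
    elif service == "*":
        port = 0             # wildcard: any source port is acceptable
    else:
        port = int(service)  # this sketch handles numeric services only
    return AllowRule(ipaddress.IPv4Network(addr, strict=False), port)


def is_allowed(rules: List[AllowRule], src_ip: str, src_port: int) -> bool:
    """True if a datagram from src_ip:src_port matches at least one rule."""
    ip = ipaddress.IPv4Address(src_ip)
    return any(ip in r.network and r.port in (0, src_port) for r in rules)


def demo() -> dict:
    # Source address and port taken from the quoted ipfw line:
    # "Accept UDP 193.120.127.33:58896 193.120.127.35:514"
    src_ip, src_port = "193.120.127.33", 58896
    with_wildcard = [parse_allowed_peer("193.120.127.33/32:*")]
    without_service = [parse_allowed_peer("193.120.127.33/32")]
    return {
        "with :*": is_allowed(with_wildcard, src_ip, src_port),
        "without service": is_allowed(without_service, src_ip, src_port),
    }


if __name__ == "__main__":
    for label, accepted in demo().items():
        print(f"{label}: {'accepted' if accepted else 'rejected'}")
```

A sender that uses an ephemeral source port, like the 58896 in the log line, passes only the rule written with ":*"; the same rule without a service part requires source port 514.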