From owner-freebsd-questions Sat Mar 8 11:24:34 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8ED0637B404 for ; Sat, 8 Mar 2003 11:24:31 -0800 (PST) Received: from kira.epconline.net (kira.epconline.net [207.206.185.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 97D0C43F85 for ; Sat, 8 Mar 2003 11:24:30 -0800 (PST) (envelope-from carock@epctech.com) Received: from kira.epconline.net (root@localhost) by kira.epconline.net (8.12.7/8.12.6) with SMTP id h28JOTH1013539 for ; Sat, 8 Mar 2003 13:24:29 -0600 (CST) (envelope-from carock@epctech.com) Received: from isp4 (betterguard.epconline.net [207.206.185.193]) by kira.epconline.net (8.12.7/8.12.6) with SMTP id h28JOTD6013531 for ; Sat, 8 Mar 2003 13:24:29 -0600 (CST) (envelope-from carock@epctech.com) Reply-To: From: "Chuck Rock" To: Subject: Syslog problem Date: Sat, 8 Mar 2003 13:24:27 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG For the last few versions of FreeBSD, I have not been able to get my syslog to log my dial-up pool from my Cisco router. I changed the syslog startup flags in rc.conf. I'm running it now as /usr/sbin/syslogd -a 207.206.185.1/27 -a 209.83.132.1/27 The router is at .1 and configured to send it's logging messages to local7 syslog.conf is configured like this. *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/log/cron local0.* /var/log/local-0 local1.* /var/log/local-1 local2.* /var/log/local-2 local3.* /var/log/local-3 local4.* /var/log/local-4 local5.* /var/log/local-5 local6.* /var/log/local-6 local7.* /var/log/cisco etc... None of the syslg files for local facilities gets data. -rw-rw-r-- 1 root wheel 0 Mar 8 11:45 local-0 -rw-rw-r-- 1 root wheel 0 Mar 8 11:45 local-1 -rw-rw-r-- 1 root wheel 0 Mar 8 11:45 local-2 -rw-rw-r-- 1 root wheel 0 Mar 8 11:43 local-3 -rw-rw-r-- 1 root wheel 0 Mar 8 11:43 local-4 -rw-rw-r-- 1 root wheel 0 Mar 8 11:43 local-5 -rw-rw-r-- 1 root wheel 0 Mar 8 11:45 local-6 -rw-rw-r-- 1 root wheel 0 Mar 8 11:35 cisco Yet I do see data coming into this machine on the syslog port using tcpdump. tcpdump -w dumpfile1 -vvv port 514 kira(403):[/var/log]-#tcpdump -r dumpfile1 12:23:05.378296 gw.54139 > kira.epconline.net.syslog: udp 103 12:23:05.378540 gw.54139 > kira.epconline.net.syslog: udp 125 12:23:23.597642 gw.54139 > kira.epconline.net.syslog: udp 101 12:23:24.629645 gw.54139 > kira.epconline.net.syslog: udp 123 12:23:38.321355 gw.54139 > kira.epconline.net.syslog: udp 101 12:23:39.349425 gw.54139 > kira.epconline.net.syslog: udp 123 12:23:43.137243 gw.54139 > kira.epconline.net.syslog: udp 125 12:24:06.577077 gw.54139 > kira.epconline.net.syslog: udp 103 12:24:06.577266 gw.54139 > kira.epconline.net.syslog: udp 125 Cisco config... ! logging 207.206.185.2 gw(config)#logging facility local7 I did notice though while I was messing around with this stuff, this was logged on one of my ssh sessions... kira(416):[/etc]-#Mar 8 12:48:39.517 radiusd[6916] /usr/local/sbin/radiusd:users testing and DEFAULT not found Mar 8 12:48:39.519 radiusd[6916] Authenticate: gw1645, id=54: Neither User Nor Default Name: testing This is the logging information from the router which should be going to a file in /var/log I grep'd for radiusd from /var/log/* and go no results. Does anyone have any ideas? Any suggestions? I really need to get my Cisco logging working. Thanks, Chuck Rock Internet Services Manager EPC, Inc. http://www.epcusa.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message