From: Matthew Seaman
Date: Thu, 30 Apr 2015 14:56:29 +0100
To: freebsd-questions@freebsd.org
Subject: Re: minor syslog issue

On 04/30/15 14:28, William A. Mahaffey III wrote:
> 08:23:28.496828 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG
> syslog.error, length: 59
> 08:23:28.497229 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG
> syslog.error, length: 59

This is the only relevant bit out of your tcpdump output -- it usually
helps if you filter out as much of the irrelevant stuff as you can[*].

Anyhow, as you can see, your RPiB+ is logging *from* an arbitrary
high-numbered port. This time it happens to be using 59735 but that
would probably change with each restart of syslogd. Basically use the
'-a 192.168.0.0/16:*' form in this case.

	Cheers,

	Matthew

[*] i.e. 'tcpdump port syslog' should work as the packets are being sent
to the syslog port on your server.
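Added example, not part of the original message and not syslogd's own code: a small Python model of how an 'ipaddr/masklen[:service]' allowed-peer rule is matched against a datagram's source address and source port, showing why the rule needs ':*' when the sender uses an ephemeral port. Assumptions: the source address 192.168.1.20 is constructed (the capture shows only hostnames), the rule without ':*' is assumed to be what was configured before, and only the IPv4 ipaddr/masklen form is modelled.

```python
import ipaddress

SYSLOG_PORT = 514  # UDP port of the "syslog" service


def parse_allowed_peer(spec):
    """Parse 'ipaddr/masklen[:service]' into (network, port).

    port is None when the service is '*', meaning any source port.
    When no service is given, the default service 'syslog' applies.
    """
    addr, sep, service = spec.partition(":")
    network = ipaddress.ip_network(addr, strict=False)
    if not sep or service == "syslog":
        port = SYSLOG_PORT
    elif service == "*":
        port = None
    else:
        port = int(service)  # numeric service only in this model
    return network, port


def accepts(spec, src_ip, src_port):
    """True if a datagram from src_ip:src_port matches the rule."""
    network, port = parse_allowed_peer(spec)
    if ipaddress.ip_address(src_ip) not in network:
        return False
    return port is None or port == src_port


if __name__ == "__main__":
    # Constructed sample: sender address is made up, 59735 is the
    # ephemeral source port seen in the tcpdump output above.
    sender = ("192.168.1.20", 59735)
    for rule in ("192.168.0.0/16", "192.168.0.0/16:*"):
        verdict = "accepted" if accepts(rule, *sender) else "dropped"
        print(f"-a {rule!r}: {sender[0]}:{sender[1]} {verdict}")
```

The ':*' form accepts any source port from the listed network, so the network part of the rule is the only filter left; keep it as narrow as the set of hosts that should be logging.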