Message-ID: <551BC2C8.8020806@freebsd.org>
Date: Wed, 01 Apr 2015 11:04:56 +0100
From: Matthew Seaman
To: freebsd-hackers@freebsd.org
Subject: Re: mess with syslogd

On 04/01/15 10:36, Wojciech Puchar wrote:
> no idea how to debug a problem with syslogd. please help
>
> i use syslogd to log messages from multiple other unix machines, now i
> wanted to add logging from windows server (with evtsys program).
>
> if i run syslogd with
>
> syslogd_enable="YES" # Run syslog daemon (or NO).
> syslogd_flags="-v -4 -8 -b 10.100.100.1"
>
>
> it logs messages fine from windows server as well as others.
>
>
> if i run it as
>
> syslogd_flags="-v -4 -8 -b 10.100.100.1 -a 10.100.0.0/16"
>
> it logs messages fine from everything except windows servers, WHICH ARE
> IN 10.100.0.0/16 network.
>
> Now i just use firewall rules to block logging from unwanted places, but
> no idea why just using -a blocks logs from windows/evtsys
>
> any idea?
>

You're implicitly telling syslogd what port numbers to accept on the
sending side. The default is only to allow sending from port 514.
Instead, try:

syslogd_flags="-v -4 -8 -b 10.100.100.1 -a 10.100.0.0/16:*"

In theory you should be able to limit to only accepting packets sent
from port 514 but I've found various different devices may use different
ports.
Looking at:

    # tcpdump -i em0 -A host 10.100.100.1 and port 514

should show what your systems are actually using.

Cheers,

Matthew
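
The following is an added example, not part of the original message and not syslogd's own code: a small Python model of the `-a ipaddr/masklen[:service]` rule as described in the reply, showing why a sender inside 10.100.0.0/16 is dropped unless the spec ends in `:*`. It assumes IPv4 only (the thread uses `-4`) and numeric services; the sender addresses and the ephemeral port 49213 are constructed for illustration.

```python
import ipaddress

SYSLOG_PORT = 514  # UDP port of the "syslog" service, the default for -a

def parse_allowed_peer(spec):
    """Split 'ipaddr/masklen[:service]' into (network, port); port None means '*'."""
    net, sep, service = spec.partition(":")
    if not sep or service == "syslog":
        port = SYSLOG_PORT            # no service given: source port must be 514
    elif service == "*":
        port = None                   # any source port is accepted
    else:
        port = int(service)           # this model handles numeric services only
    return ipaddress.ip_network(net, strict=False), port

def accepted(specs, src_ip, src_port):
    """True if a datagram from src_ip:src_port matches at least one -a spec.

    An empty spec list models running without -a, as in the first rc.conf
    setting quoted in the thread, where nothing is filtered by sender.
    """
    if not specs:
        return True
    addr = ipaddress.ip_address(src_ip)
    for spec in specs:
        net, port = parse_allowed_peer(spec)
        if addr in net and port in (None, src_port):
            return True
    return False

# Constructed senders: a Unix host sending from port 514, a Windows/evtsys
# host sending from an ephemeral port, and a host outside the allowed network.
SENDERS = [("10.100.3.7", 514), ("10.100.8.20", 49213), ("192.0.2.9", 514)]

def decisions(specs):
    """Accept/drop decision for each constructed sender under the given specs."""
    return [accepted(specs, ip, port) for ip, port in SENDERS]

if __name__ == "__main__":
    for specs in ([], ["10.100.0.0/16"], ["10.100.0.0/16:*"]):
        print(specs or "(no -a)", decisions(specs))
```

With `:*` the address range is still enforced, so the host outside 10.100.0.0/16 stays rejected; only the source-port restriction is lifted.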