From: Chuck Rock
Date: Mon, 10 Mar 2003 07:58:00 -0600 (CST)
To: Dean Strik
Cc: "Michael K. Smith", freebsd-questions@freebsd.org
Subject: Re: Syslog problem

OK, this does make some sense reading it a few more times.
I did include the output of snort which clearly shows the packets coming
from port 514 (syslog) which this also says is the default accept port
from the source address. This should have worked anyway, shouldn't it?

I appreciate the help from everyone.

Thanks,
Chuck

On Sun, 9 Mar 2003, Dean Strik wrote:

> Chuck Rock wrote:
> > On Sat, 8 Mar 2003, Michael K. Smith wrote:
> > > This might be your issue, because you haven't specified the service after
> > > your subnet. Try the following:
> > >
> > > /usr/sbin/syslogd -a 207.206.185.1/27:* -a 209.83.132.1/27:*
> >
> > According to the man page, that just specifies what port to listen on. By
> > default it's 514 syslog port.
>
> No, that's not what it says. I quote:
>
>     ipaddr/masklen[:service]
>     [...]
>     If specified, _service_ is the name or number of an UDP service (see
>     services(5)) the source packet must belong to.
>
> In other words, it's the port the remote syslog is sending from, not the
> port the local syslogd is listening on.
>
> --
> Dean C. Strik             Eindhoven University of Technology
> dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
> "This isn't right. This isn't even wrong."  -- Wolfgang Pauli
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
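
Added example, not part of the original thread and not syslogd's own code: a Python model of the -a ipaddr/masklen[:service] check quoted above, in which service constrains the sender's source UDP port rather than the listening port. The function names and sample datagrams are constructed for illustration; the sketch assumes IPv4, an explicit masklen, numeric service values, and "syslog" (UDP 514) as the default service.

```python
import ipaddress

SYSLOG_PORT = 514  # UDP port of the "syslog" entry in services(5)

def parse_allowed_peer(spec):
    """Parse 'ipaddr/masklen[:service]' into (network, required_src_port).

    required_src_port is None when service is '*', meaning any source port.
    """
    addr, sep, service = spec.partition(":")   # IPv4 only in this sketch
    if not sep:
        service = "syslog"                     # default when no service given
    if "/" not in addr:
        raise ValueError("this sketch requires an explicit masklen: " + spec)
    # strict=False: the thread's specs carry host bits (207.206.185.1/27)
    network = ipaddress.ip_network(addr, strict=False)
    if service == "*":
        return network, None
    if service == "syslog":
        return network, SYSLOG_PORT
    return network, int(service)               # numeric services only here

def peer_allowed(specs, src_ip, src_port):
    """True if a datagram from src_ip:src_port matches any -a spec."""
    ip = ipaddress.ip_address(src_ip)
    for spec in specs:
        network, required_port = parse_allowed_peer(spec)
        if ip in network and required_port in (None, src_port):
            return True
    return False

if __name__ == "__main__":
    default_specs = ["207.206.185.1/27", "209.83.132.1/27"]
    wildcard_specs = [s + ":*" for s in default_specs]
    # Constructed sample datagrams: (source IP, source UDP port)
    samples = [("207.206.185.2", 514), ("207.206.185.2", 40000),
               ("209.83.132.9", 514), ("10.0.0.5", 514)]
    for src_ip, src_port in samples:
        print(src_ip, src_port,
              "default:", peer_allowed(default_specs, src_ip, src_port),
              "wildcard:", peer_allowed(wildcard_specs, src_ip, src_port))
```

With ":*" the source-port check is dropped, so the address and mask are the only filter left on incoming datagrams.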