From: "Chris Roos"
Reply-To: chris@seagul.co.uk
To: freebsd-newbies@freebsd.org
Date: Sun, 12 Dec 2004 17:29:06 -0000
Subject: Syslog remote logging problems

Hi,

I have spent quite some time today trying to get my Netgear DG834 ADSL Router to log its syslog messages to syslogd running on FreeBSD 5.3R.

The first step was to check that the syslog messages were arriving at the FreeBSD box by using tcpdump with a filter for udp packets. This confirmed that the packets were being 'seen' by the FreeBSD box.

The next step was to set-up a rule in syslog.conf to log all data from the router to /var/log/router.log. This is where the first problems appeared.

Initially, I added the following to the end of syslog.conf

    +router
    *.* /var/log/router.log

As this entry was below the program entries for ppp and startslip, and having read the man pages, I gather that syslog was now set-up to log from router only entries matching the above programs (due to the cascading nature of the syslog.conf rules). I moved the router definition to above the program entries and verified that the log file was being populated.

I read in the man pages that to cancel a program or hostname rule within the syslog.conf file use '*', however I have not been able to get this to work correctly. I have tried the following at the end of the file (before moving the router definition to above the ppp and startslip program entries to enable it to work correctly) with no success.

    *
    +router
    *.* /var/log/router.log

and

    *+router
    *.* /var/log/router.log

I would like to know the correct format of this so that I can be sure that I am logging everything I should be.

In addition to the above, I am having problems starting the syslogd daemon using the -a flag. If I try to start syslogd with any of the following options, I do not get the remote logs from router (IP address 192.168.3.20)

    -a 192.168.3.20
    -a 192.168.3.20/16
    -a 192.168.3.20/255.255.255.0
    -a 192.168.3.20:'*'
    -a 192.168.3.20/16:'*'
    -a 192.168.3.20/255.255.255.0:'*'

I am currently running syslogd with no parameters which allows me to log from the remote host correctly but I would much prefer if I could allow only the remote host that I want to log from.

Any help on either of these points would be greatly appreciated.

Chris
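
The cascading block behaviour described in the message, as an added example that is not part of the original post: a simplified Python model of the program (!) and host (+) specifications in FreeBSD syslog.conf(5), where a specification stays in force until it is replaced and '*' resets it. The sample configurations are constructed, selectors are not evaluated, and parse() and destinations() are hypothetical helper names.

```python
# Added example: simplified model of syslog.conf(5) block scoping.
# Not modelled: selectors, "-host" exclusions, "#!"/"#+" legacy spellings.

def parse(conf):
    """Return a list of (host, program, action); '*' means any."""
    host, prog, rules = "*", "*", []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):        # program spec: stays until replaced
            prog = line[1:].strip()
        elif line.startswith("+"):      # host spec: stays until replaced
            host = line[1:].strip()
        else:                           # "selector  action" line
            _selector, action = line.split(None, 1)
            rules.append((host, prog, action.strip()))
    return rules

def destinations(rules, msg_host, msg_prog):
    """Actions whose enclosing host AND program specs both match."""
    return [a for h, p, a in rules
            if h in ("*", msg_host) and p in ("*", msg_prog)]

# Constructed sample: host block appended after the program blocks.
APPENDED = """
!startslip
*.*    /var/log/slip.log
!ppp
*.*    /var/log/ppp.log
+router
*.*    /var/log/router.log
"""

# Constructed sample: program reset with "!*" first, host reset with "+*" after.
WITH_RESET = APPENDED.replace("+router", "!*\n+router") + "+*\n"

if __name__ == "__main__":
    for name, conf in (("appended", APPENDED), ("with reset", WITH_RESET)):
        rules = parse(conf)
        for prog in ("kernel", "ppp"):
            print(name, "router", prog, destinations(rules, "router", prog))
```

In the appended layout a message from router is written to router.log only when its program is ppp, so everything else the router sends is silently dropped; with the resets in place every message from router reaches router.log.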