Date: Fri, 29 Jun 2001 01:15:26 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Mike Meyer <mwm@mired.org>
Cc: Drew Tomlinson <drewt@writeme.com>, questions@FreeBSD.ORG
Subject: Re: How To Receive Syslog Messages From Another Device?
Message-ID: <20010629011526.A375@blossom.cjclark.org>
In-Reply-To: <15164.768.944327.747606@guru.mired.org>; from mwm@mired.org on Thu, Jun 28, 2001 at 11:24:32PM -0500
References: <15161.2940.652129.5196@guru.mired.org> <5CD46247635BD511B6B100A0CC3F0239259FD5@ldcmsx01.lc.ca.gov> <15164.768.944327.747606@guru.mired.org>
On Thu, Jun 28, 2001 at 11:24:32PM -0500, Mike Meyer wrote:
> Drew Tomlinson <drewt@writeme.com> types:
> > > From: Mike Meyer [mailto:mwm@mired.org]
> > > Drew Tomlinson <drewt@writeme.com> types:
> > > > I have a 3Com ADSL router for my home network. I have found that it
> > > > (according to the docs) has the capability to send log
> > > > messages to syslogd
> > > Hmm - it works fine for me, without the ":*" as I'm going from FBSD to
> > > FBSD. You do need to make sure that syslogd is started without "-s",
> > > as that causes it to ignore the -a. If syslog is sending packets
> > > from the syslog udp port, you might try dropping the ":*".
> > Thanks for your response. I'm still a newbie but learning. :) I recall
> > when I set up ntpd that to get log messages, I had to put an entry in
> > syslog.conf that was something along the lines of:
> >
> > ntp.info /var/log/ntp.log
> >
> > Where ntp is the "name" (for lack of a better word) of the program sending
> > the message and info is the level at which to log. The file spec is the
> > file to log to.
>
> According to the documentation, that's "the selector field which
> specifies the types of messages and priorities".

In the example above, "ntp" is the FACILITY, "info" is the LEVEL, the
combination of "ntp.info" is the SELECTOR, and "/var/log/ntp.log" is
the ACTION.

> The program name can
> be selected for with the "!progname" construct.

Correct. This is not used in the example.

> As far as I can tell,
> there isn't any way to select on hostname.

Uh, read syslog.conf(5) again,

     A hostname specification of the form `#+hostname' or `+hostname' and
     the following blocks will be applied to messages received from the
     specified hostname.  Alternatively, a hostname specification
     `#-hostname' or `-hostname' causes the following blocks to be applied
     to messages from any host but the one specified.  If the hostname is
     given as `@', the local hostname will be used.  A program or hostname
     specification may be reset by giving the program or hostname as `*'.

> > So I assume I need the "name" of the messages coming from my router and add
> > a similar line to syslog.conf. Would this be correct? I've called 3Com to
> > get this "name" and all they could do was point me to some freeware syslog
> > daemons for Windows.

Put an entry like,

  +router.hostname
  *.*                                     /var/log/router.log

In your syslog.conf. Run syslogd like,

  # syslogd -vv -a router.hostname

To see what facility it is using (probably one of the local[0-7] ones).
After you see what it is up to, do some fine tuning.

> > > If nothing else works, enable a firewall on the destination box set to
> > > log everything, and see what's getting sent to it.
> > So if I do this, will I see the "name" I need above? What are some good "how
> > to's" for doing this? I assume there's something in the handbook. Anywhere
> > else you'd recommend I look?

A better idea is to turn on tcpdump(8) to catch the packets,

  # tcpdump -s1500 -nvv 'udp && port 514'

I forget at what level of detail tcpdump(8) prints them. If you don't
see the facility, level, and message, do,

  # tcpdump -s1500 -nvvX 'udp && port 514'

And read the packets on your own.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
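The last step above, reading the raw UDP/514 payloads to learn which facility and level the router uses, comes down to decoding the `<PRI>` header into the `facility.level` selector that the syslog.conf entry needs. The following Python is an added example, not code from the thread or from FreeBSD; the sample payloads are constructed, and the names follow RFC 3164 numbering (local0-7 are facilities 16-23).

```python
import re
from dataclasses import dataclass

# Facility and severity names per RFC 3164; PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "cron2",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")
DEFAULT_PRI = 13  # RFC 3164 4.3.3: treat a packet with no valid PRI as user.notice


@dataclass
class SyslogMsg:
    facility: str
    severity: str
    body: str

    @property
    def selector(self) -> str:
        """The facility.level pair as it would be written in syslog.conf(5)."""
        return f"{self.facility}.{self.severity}"


def decode_pri(payload: bytes) -> tuple[int, bytes]:
    """Split the <PRI> header off a UDP/514 payload, returning (pri, rest).

    Some embedded devices send no PRI at all, or an out-of-range one; those
    fall back to the RFC 3164 default so they still land in a real selector.
    """
    m = PRI_RE.match(payload)
    if m:
        pri = int(m.group(1))
        if pri <= 191:  # 24 facilities * 8 severities - 1
            return pri, payload[m.end():]
    return DEFAULT_PRI, payload


def parse_syslog(payload: bytes) -> SyslogMsg:
    pri, rest = decode_pri(payload)
    return SyslogMsg(FACILITIES[pri >> 3], SEVERITIES[pri & 7],
                     rest.decode("ascii", errors="replace").strip())


# Constructed sample payloads, standing in for what tcpdump -X shows on port 514.
SAMPLES = [
    b"<134>Jun 29 01:15:26 router pppd[123]: LCP up",        # local0.info
    b"<30>Jun 29 01:15:27 router ntpd[88]: clock synced",    # daemon.info
    b"Jun 29 01:15:28 router firmware: no PRI on this one",  # -> user.notice
]

if __name__ == "__main__":
    for raw in SAMPLES:
        msg = parse_syslog(raw)
        print(f"{msg.selector:14} {msg.body}")
```

Once the selector is known (say `local0.info`), it replaces the catch-all `*.*` under the `+router.hostname` block so only that device's traffic goes to the router log.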