Date: Wed, 28 Mar 2001 07:43:36 -0500 (EST)
From: Ashby Gochenour
To: scott
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: syslogd and cisco
In-Reply-To: <3AC15FE5.8D2E834C@mediaone.net>

Hey Scott and BSDall,

Thanks for the info. The firewall would not be blocking this as my
firewall is sending the logs to the internal network it firewalls.
Would there be any reason the FreeBSD machine is 'firewalling' the
packets? I tried removing the :* from my syslogd_flags= and I am still
not receiving the packets.

I'd love to get this working today if anyone has any suggestions!

Thanks,
Ashby

On Tue, 27 Mar 2001, scott wrote:

> In my experiences, I've only used
>     syslogd_flags="-a 192.168.50.0/24"
> which will catch all udp from the above specified subnet. Since tcpdump
> saw everything, this means you are receiving the packets in promiscuous
> mode. Change the syslogd_flags specification and check to see if your
> firewall is not blocking them.
>
> - Scott
>
> Ashby Gochenour wrote:
> >
> > Hello Everyone,
> > I am trying to receive logs from a cisco router on my local network.
> > I have read all the mail archives and have not found an answer to my
> > problem.
> > I have /etc/defaults/rc.config set to these values:
> >
> >     syslogd_enable="YES"
> >     syslogd_flags="-a 192.168.50.0/24:*"
> >
> > I have the following in my /etc/syslog.conf:
> >
> >     local7.debug    /var/log/router.log
> >     local7.*        /var/log/router.all.log
> >
> > These entries were not receiving the logs, so I tried to catch everything
> > coming to syslogd by:
> >
> >     *.*             /var/log/all.log
> >
> > This is logging kernel logs and the norm, but I still see no cisco logs in
> > here.
> >
> > On the cisco router I have the following in the running config:
> >
> >     logging 192.168.50.199
> >
> > This is the FreeBSD 4.2 machine I want to log to. I did have an additional
> > line in the config:
> >
> >     logging trap debugging
> >
> > Which I took out as I was not sure this was needed or not.
> > When I do a show log on the Cisco, I see that it is sending messages to my
> > host, I am just not getting them.
> >
> >     Trap logging: level informational, 43 message lines logged
> >         Logging to 192.168.50.199, 13 message lines logged
> >
> > I've tried to run tcpdump to see if the
> > messages are getting there, but I'm not sure what to be looking for
> > exactly.
> >
> > I have read numerous mail archives on people having similar problems, but
> > have seen no answers that fix this.
> >
> > Any advice, hints, fixes much appreciated!
> >
> > Ashby Gochenour
> > Unix Administration
> > NTELOS
> > NOC
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
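
Added example, not part of the original thread and not syslogd's own code: a small Python model of the two checks a datagram from the router has to pass, the `-a` allowed-peer rule and the syslog.conf selector. Assumptions: the datagram, the router address 192.168.50.1 and source port 50123 are constructed, and the port rule follows syslogd(8) as documented (default service `syslog`, UDP 514; `*` accepts any source port).

```python
import ipaddress
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SYSLOG_PORT = 514  # UDP port of the "syslog" service

# Constructed sample: a Cisco-style datagram, plus an assumed router address/port.
SAMPLE = b"<189>43: 00:12:34: %SYS-5-CONFIG_I: Configured from console by console"
ROUTER_IP, ROUTER_SRC_PORT = "192.168.50.1", 50123


def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI> field, or None."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m:
        return None
    pri = int(m.group(1))
    fac, sev = pri >> 3, pri & 7  # PRI = facility * 8 + severity
    name = f"local{fac - 16}" if 16 <= fac <= 23 else f"facility{fac}"
    return name, SEVERITIES[sev]


def peer_allowed(rule, src_ip, src_port):
    """Simplified model of '-a ipaddr/masklen[:service]' (numeric forms only)."""
    net, _, service = rule.partition(":")
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(net, strict=False):
        return False
    if service == "*":
        return True  # any UDP source port
    port = SYSLOG_PORT if service in ("", "syslog") else int(service)
    return src_port == port


def selector_matches(selector, facility, severity):
    """'fac.level' selects that level and anything more severe; '*' is a wildcard."""
    fac, _, level = selector.partition(".")
    if fac not in ("*", facility):
        return False
    return level == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(level)


if __name__ == "__main__":
    facility, severity = decode_pri(SAMPLE)
    for rule in ("192.168.50.0/24:*", "192.168.50.0/24"):
        print(rule, "accepts datagram:", peer_allowed(rule, ROUTER_IP, ROUTER_SRC_PORT))
    for sel in ("local7.debug", "local7.*", "*.*"):
        print(sel, "selects message:", selector_matches(sel, facility, severity))
```

In this model a datagram whose source port is not 514 is rejected by a rule without `:*` before syslog.conf is consulted, so the source port shown by tcpdump is the value to compare against the rule.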