From owner-freebsd-questions Wed Mar 28 4:54:47 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.cfw.com (flanders.ntelos.net [216.12.0.16]) by hub.freebsd.org (Postfix) with SMTP id 2F55737B725 for ; Wed, 28 Mar 2001 04:54:43 -0800 (PST) (envelope-from freebsd@intelos.net)
Received: (qmail 13025 invoked from network); 28 Mar 2001 07:54:41 -0500
Received: from unknown (HELO localhost) (127.0.0.1) by flanders.intelos.net with SMTP; 28 Mar 2001 07:54:41 -0500
Date: Wed, 28 Mar 2001 07:54:41 -0500 (EST)
From: Ashby Gochenour
To: Tony Landells
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: syslogd and cisco
In-Reply-To: <200103280445.OAA20622@tungsten.austclear.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Tony,

Thank you for the helpful info about the tcpdump and udp port. I checked
and I do have syslog running on port 514:

Port       State       Service
111/udp    open        sunrpc
514/udp    open        syslog

I also have the router.log in /var/log and it is owned by root with wheel
group. Would this be preventing syslogd to log? I thought it would log as
syslogd runs under root UID:

root 115 0.0 0.1 928 732 ?? Ss 10:47AM 0:00.42 syslogd

Hm. I am running out of ideas on this one. I don't understand what I could
be missing. Any further ideas are well appreciated!

Thanks,

Ashby Gochenour
UNIX Administration
NTELOS NOC

On Wed, 28 Mar 2001, Tony Landells wrote:

>
> freebsd@intelos.net said:
> > Running this did produce a log coming from the router that I saw
> > through tcpdump. This still did not get logged to my router.log file.
> > I've been watching this and see that UDP varies from 93 to 88 and
> > back. Is this 93 and 88 a port or what does it signify?
>
> If you read the manual for tcpdump, you'll see that the 93 and 88
> represent the amount of "user data" in the UDP packet.
>
> The port numbers are attached to the IP addresses as the fifth number:
>
> > 14:08:56.678016 0:2:fd:1:4c:a0 0:50:8b:c8:19:5d 0800
> > 135: 192.168.50.193.1480 > 192.168.50.199.514: udp 93
>
> The above packet is from port 1480 of 192.168.50.193 to port 514
> of 192.168.50.199.
>
> > Any help at figuring out why I see the udp packet in tcpdump, but it is
> > not logging to where I specify in syslogd?
>
> Have you looked to see whether syslogd is logging any error messages?
> Like, perhaps, that the file you want to log to doesn't exist?
>
> Just a thought...
>
> Tony
> --
> Tony Landells
> Senior Network Engineer Ph: +61 3 9677 9319
> Australian Clearing Services Pty Ltd Fax: +61 3 9677 9355
> Level 4, Rialto North Tower
> 525 Collins Street
> Melbourne VIC 3000
> Australia

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
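
The tcpdump line discussed in the thread, parsed as an added example that is not part of either message: it splits the fifth dotted number off each address as the port, reads the trailing "udp N" as the UDP user-data length, and checks that length against the link-level frame size. The function names and the header sizes (Ethernet II, IPv4 without options) are assumptions of this example.

```python
import re

# The link-level tcpdump line quoted in the thread, joined onto one line.
SAMPLE = ("14:08:56.678016 0:2:fd:1:4c:a0 0:50:8b:c8:19:5d 0800 135: "
          "192.168.50.193.1480 > 192.168.50.199.514: udp 93")

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src_mac>[0-9a-f:]+)\s+(?P<dst_mac>[0-9a-f:]+)\s+"
    r"(?P<ethertype>[0-9a-f]{4})\s+(?P<frame_len>\d+):\s+"
    r"(?P<src>\d+(?:\.\d+){4})\s+>\s+(?P<dst>\d+(?:\.\d+){4}):\s+"
    r"udp\s+(?P<udp_len>\d+)\s*$",
    re.IGNORECASE,
)

SYSLOG_PORT = 514
# Assumed header sizes: Ethernet II (14), IPv4 without options (20), UDP (8).
ETH_HDR, IP_HDR, UDP_HDR = 14, 20, 8


def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' into (ip, port); the fifth number is the port."""
    ip, _, port_text = endpoint.rpartition(".")
    octets = ip.split(".")
    port = int(port_text)
    if len(octets) != 4 or any(int(o) > 255 for o in octets) or port > 65535:
        raise ValueError(f"not an IPv4 address plus port: {endpoint!r}")
    return ip, port


def parse_udp_line(line):
    """Parse one 'tcpdump -e' style IPv4/UDP summary line into a dict."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a link-level IPv4 UDP tcpdump line")
    src_ip, src_port = split_endpoint(m["src"])
    dst_ip, dst_port = split_endpoint(m["dst"])
    payload, frame = int(m["udp_len"]), int(m["frame_len"])
    return {
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
        "payload_len": payload,              # the "93" / "88" asked about
        "to_syslog": dst_port == SYSLOG_PORT,
        # Frame size should equal the headers plus the UDP user data.
        "lengths_consistent": frame == ETH_HDR + IP_HDR + UDP_HDR + payload,
    }


if __name__ == "__main__":
    print(parse_udp_line(SAMPLE))
```

For the quoted packet the frame length 135 equals 14 + 20 + 8 + 93, so the "udp 93" figure is the size of the syslog message itself, not a port.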