From owner-freebsd-questions@FreeBSD.ORG Thu Mar 22 14:45:03 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E6CE216A401 for ; Thu, 22 Mar 2007 14:45:03 +0000 (UTC) (envelope-from david.robillard@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.230]) by mx1.freebsd.org (Postfix) with ESMTP id A2EAF13C4DD for ; Thu, 22 Mar 2007 14:45:03 +0000 (UTC) (envelope-from david.robillard@gmail.com) Received: by nz-out-0506.google.com with SMTP id r28so542186nza for ; Thu, 22 Mar 2007 07:45:03 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; b=e4TgTkGmUqAieIyr8tFZvvXJs7tF3r5zu/zPmUFM+G2+0gfoR49010kDxeT67PyhKDNyzSnPWac0YTRUbzOiWXjIT1jybyW41cIi9zLpQh3RiyKOcUGRvp8B/1BymTpuCCB/9e9w9RoXq9s/cdn1Wl0QJGYyuAhLkmEyeSUkdpU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; b=Tyz1qFZMKvMRQLDYAQwn7FFUHwipobor/SVLFuxiNKt+jmDqcFcfBq82jwMd9Jxd3eMZqPbKPUpOxXynIgO9Iv3oTh07bAYs7YoIy54LxOPmpL2thHV1S6A+MmRNm9xKt7DJRYcD9r+DZRGHlWoqot6CHYru4ACn4VwvIjv7pGM= Received: by 10.35.127.7 with SMTP id e7mr3720785pyn.1174574703032; Thu, 22 Mar 2007 07:45:03 -0700 (PDT) Received: by 10.35.106.6 with HTTP; Thu, 22 Mar 2007 07:45:02 -0700 (PDT) Message-ID: <226ae0c60703220745x6764d58du4798c3e25d65d5cd@mail.gmail.com> Date: Thu, 22 Mar 2007 10:45:02 -0400 From: "David Robillard" To: "FreeBSD Questions" MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Guido Demmenie Subject: Re: remote logging with syslogd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2007 14:45:04 -0000 > Hello, > > I'm trying to put up a remote logging server. I want to let my > Airport Express send its logs to my FreeBSD server. > > So I said to my Airport to send its logs to the internal ip of my > server, I suppose it works because that's what Apple hardware does. > Now I did the following things on my bsdbox: > > > I appended to syslog.conf: > > # Log remote Airport Express > +airport > *.* /var/log/airport.log > !* > > I touched /var/log/airport.log and it has rw-r----- root:wheel rights > > And to rc.conf I added: > > syslogd_enable="YES" > syslogd_flags="-b myhostname.intranet -a *.intranet" > > I restarted syslogd via: > # /etc/rc.d/syslogd restart > > I suppose it should work, but nothing appears in /var/log/airport and > there should be something that it listens for input or not? > > Also I checked netstat -a | grep syslog > udp4 0 0 myhostname.intranet..syslo *.* > > So it looks like it is not listening. > > Anyone any ideas what I'm doing wrong? The Apple AirPort products, both Extreme and Express, do not use the standard syslog UDP port 514. They send it at a higher port. Just like most Cisco devices do. So to enable logging on a FreeBSD host, you must change your rc.conf(5) syslog_flags line to enable other non-standard syslog ports. Try something like this: syslogd_flags="-b myhostname.intranet -a *.intranet:*" Since you're using names instead of IP addresses in your configuration, make sure your DNS resolves both A and PTR records for the AirPort. Have fun, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122