From owner-freebsd-questions Thu Sep 21 16:25:59 2000
Message-Id: <4.3.2.7.2.20000921181334.00b12180@mail.utexas.edu>
Date: Thu, 21 Sep 2000 18:21:26 -0500
To: freebsd-questions@FreeBSD.ORG
From: Oscar Ricardo Silva
Subject: Attempting to use syslogd with "-a" option

I'm trying to enable logging from other hosts to my machine. The loghost machine is running FreeBSD 4.1-STABLE, one of the test machines has FreeBSD 4.1-STABLE and the other Red Hat Linux 6.2. When I start the syslogd daemon with the "-a" switch

    syslogd -a 1.2.3.4/24 -a 1.2.3.5/24

(I've also tried without the masklen, the "/24", with the same results) I see that syslog messages from the test machines are being rejected:

    validate: dgram from IP 1.2.3.4, port 514, name test1.foo.com;
    rejected in rule 0 due to IP mismatch.
    rejected in rule 1 due to IP mismatch.
    cvthname(1.2.3.4)
    validate: dgram from IP 1.2.3.5, port 514, name test2.foo.com;
    rejected in rule 0 due to IP mismatch.
    rejected in rule 1 due to IP mismatch.

The test machines have the line:

    *.* @1.2.3.10

where 1.2.3.10 is supposed to be my machine (and yes, those are tabs between the *.* and the "@").

I tried running tcpdump on loghost and saw that syslog messages were being sent out and that they were coming into my machine:

    17:48:00.325121 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 62
    17:48:08.424073 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 69
    17:48:08.424532 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 80
    17:48:08.425285 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 91
    17:48:21.796066 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 62
    17:48:24.305533 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 71
    17:48:24.306488 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 82
    17:48:24.307487 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 93
    17:49:36.977318 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 71
    17:49:36.977713 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 70
    17:49:42.116968 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 71
    17:49:42.117367 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 70
    17:49:47.662878 test1.foo.fom.syslog > loghost.foo.com.syslog: udp 58

I checked mailing list archives and all I found were other people having problems running with the "-a" option but no responses. The Complete FreeBSD didn't have much to say on remote logging.

Any information would be appreciated.

Oscar
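
Added example, not part of the original post and not syslogd's own code: it evaluates the two "-a" rules and the two source addresses quoted above under two possible address/masklen comparisons, one that compares against the rule address exactly as typed and one that masks the rule address first. Which comparison the syslogd in the post performs is not stated there; both are assumptions made for illustration, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed from the command line and debug output quoted in the post.
RULES = ["1.2.3.4/24", "1.2.3.5/24"]
DEBUG_LINES = [
    "validate: dgram from IP 1.2.3.4, port 514, name test1.foo.com;",
    "validate: dgram from IP 1.2.3.5, port 514, name test2.foo.com;",
]

def parse_rule(spec):
    """Split 'addr/masklen' into (address, mask) as 32-bit integers."""
    addr, sep, masklen = spec.partition("/")
    if not sep or not masklen.isdigit() or int(masklen) > 32:
        raise ValueError(f"rule needs an explicit masklen 0-32: {spec!r}")
    mask = (0xFFFFFFFF << (32 - int(masklen))) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)), mask

def host_bits_set(rule):
    """True when the rule's address has bits outside its own mask."""
    addr, mask = parse_rule(rule)
    return bool(addr & ~mask & 0xFFFFFFFF)

def matches(src, rule, normalize):
    """Compare (src & mask) with the rule address, masked first if normalize."""
    addr, mask = parse_rule(rule)
    wanted = addr & mask if normalize else addr
    return (int(ipaddress.IPv4Address(src)) & mask) == wanted

def sources(lines):
    """Pull the source IP out of each 'validate: dgram from IP ...' line."""
    pat = re.compile(r"dgram from IP (\d+(?:\.\d+){3}), port \d+")
    return [m.group(1) for line in lines if (m := pat.search(line))]

def evaluate(lines, rules):
    """For each source, list the rules that accept it under each comparison."""
    return {
        src: {
            "literal": [r for r in rules if matches(src, r, normalize=False)],
            "normalized": [r for r in rules if matches(src, r, normalize=True)],
        }
        for src in sources(lines)
    }

if __name__ == "__main__":
    for rule in RULES:
        print(rule, "host bits set:", host_bits_set(rule))
    for src, result in evaluate(DEBUG_LINES, RULES).items():
        print(src, result)
```

Under the literal comparison, a rule whose address has host bits set can never equal a masked source address, whereas a rule written as the network address (here 1.2.3.0/24) accepts both sources under either comparison.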