Date: Sat, 12 Jan 2008 19:27:29 -0600
From: Jon Hamilton
To: Jeffrey Goldberg
Cc: Andy Greenwood, User questions
Subject: Re: syslogd not reading messages from a remote machine

Jeffrey Goldberg, said on Sat Jan 12, 2008 [03:50:45 PM]:
} On Jan 11, 2008, at 9:51 AM, Andy Greenwood wrote:
}
} >I have recently set up a Fortigate-60 to run as a firewall/vpn on my
} >home network. I have a FreeBSD 7.0-prerelease machine sitting behind
} >it in the DMZ which is running ssh/web/etc. I'm trying to get the FG
} >to log to the BSD box's syslog. I have set up the necessary stuff on
} >the FG, and can send test logs from there to the bsd box. Running
} >tcpdump on the bsd [...]
}
} >So I know that the packets are getting to the machine. I've set up
} >syslogd to accept packets from 10.10.10.1/32 in rc.conf, and
} >confirmed that the FG's IP should be accepted [...]
}
}
} >I've restarted syslogd after every change I've made, but no dice.
} >Can anyone shed some light on why these messages aren't logging and
} >what I need to do to fix it?

I didn't see the original thread, but I recently went through this myself.
It turns out that syslogd assumes/requires by default that the originating
packets come *from* port 514 as well as arriving *on* port 514. In my case,
the remote device was sending from a high numbered port. To disable that
behavior, just put

    -a 10.10.10.1/32:*

in your syslogd_flags and you should be good to go (if your problem was the
same as mine :)

-- 
Jon Hamilton
hamilton@pobox.com