Date: Sat, 18 Dec 2004 09:24:23 -0800
From: Joshua Tinnin <krinklyfig@spymac.com>
To: freebsd-newbies@freebsd.org, chris@seagul.co.uk
Subject: Re: Syslog remote logging problems
Message-ID: <200412180924.23387.krinklyfig@spymac.com>
In-Reply-To: <NCBBLFEPMMFHJCFNNAIJCEHHEJAA.chris@seagul.co.uk>
References: <NCBBLFEPMMFHJCFNNAIJCEHHEJAA.chris@seagul.co.uk>

On Sunday 12 December 2004 09:29 am, "Chris Roos" <chris@seagul.co.uk> wrote:
> Hi,
>
> I have spent quite some time today trying to get my Netgear DG834
> ADSL Router to log its syslog messages to syslogd running on FreeBSD
> 5.3R.
>
> The first step was to check that the syslog messages were arriving at
> the FreeBSD box by using tcpdump with a filter for udp packets. This
> confirmed that the packets were being 'seen' by the FreeBSD box.
>
> The next step was to set-up a rule in syslog.conf to log all data
> from the router to /var/log/router.log. This is where the first
> problems appeared. Initially, I added the following to the end of
> syslog.conf
>
> +router
> *.* /var/log/router.log
>
> As this entry was below the program entries for ppp and startslip,
> and having read the man pages, I gather that syslog was now set-up to
> log from router only entries matching the above programs (due to the
> cascading nature of the syslog.conf rules). I moved the router
> definition to above the program entries and verified that the log
> file was being populated. I read in the man pages that to cancel a
> program or hostname rule within the syslog.conf file use '*', however
> I have not been able to get this to work correctly. I have tried the
> following at the end of the file (before moving the router definition
> to above the ppp and startslip program entries to enable it to work
> correctly) with no success.
>
> *
> +router
> *.* /var/log/router.log
>
> and
>
> *+router
> *.* /var/log/router.log
>
> I would like to know the correct format of this so that I can be sure
> that I am logging everything I should be.
>
> In addition to the above, I am having problems starting the syslogd
> daemon using the -a flag. If I try to start syslogd with any of the
> following options, I do not get the remote logs from router (IP
> address 192.168.3.20)
>
> -a 192.168.3.20
> -a 192.168.3.20/16
> -a 192.168.3.20/255.255.255.0
> -a 192.168.3.20:'*'
> -a 192.168.3.20/16:'*'
> -a 192.168.3.20/255.255.255.0:'*'
>
> I am currently running syslogd with no parameters which allows me to
> log from the remote host correctly but I would much prefer if I could
> allow only the remote host that I want to log from.
>
> Any help on either of these points would be greatly appreciated.

I see nobody has answered you - this is not actually a tech help list.
See: http://lists.freebsd.org/mailman/listinfo/freebsd-questions

Anyway, I log a router with my box, but I do it differently. In
/etc/rc.conf, you should have:

syslogd_flags="-a 192.168.3.20"

All logged info from the router can be sent to whatever file with this
in /etc/syslog.conf, as you tried earlier:

> +router
> *.* /var/log/router.log

This *should* work, but fwiw, I haven't been able to get it to work. But
with the default settings in syslog.conf, router messages are logged
in /var/log/messages, which is fine for my purposes right now. I'm sure
there's a better way, but at least that will work.

- jt
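
The block behaviour discussed in this thread, as an added example that is not part of the original message: per FreeBSD's syslog.conf(5), '!prog' starts a program block and '+host' a host block, each stays in force until replaced, and '!*' or '+*' resets only its own filter. The Python sketch below resolves the effective filters for every rule in a constructed sample file; SAMPLE_CONF, its log file names and effective_rules are assumptions made for illustration.

```python
# Added example: resolve the host/program filter in force for each rule of a
# FreeBSD-style syslog.conf. SAMPLE_CONF is constructed, not taken from the thread.
SAMPLE_CONF = """\
*.notice;authpriv.none    /var/log/messages
!ppp
*.*                       /var/log/ppp.log
!startslip
*.*                       /var/log/slip.log
+router
*.*                       /var/log/router-a.log
!*
*.*                       /var/log/router-b.log
+*
*.err                     /var/log/all-errors.log
"""


def effective_rules(conf_text):
    """Return (host, program, selector, action) for every rule line.

    '!prog' sets the program filter and '+host' / '-host' set the host
    filter. Each stays in force until replaced; '*' resets that one
    filter only, so '+router' placed after '!startslip' inherits it.
    """
    host, program = "*", "*"
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # '#!prog', '#+host' and '#-host' are alternate spellings of the markers.
        if line.startswith(("#!", "#+", "#-")):
            line = line[1:]
        elif line.startswith("#"):
            continue  # ordinary comment
        if line[0] == "!":
            program = line[1:].strip()
        elif line[0] in "+-":
            # Keep the sign: '+host' matches that host, '-host' excludes it.
            name = line[1:].strip()
            host = "*" if name == "*" else line[0] + name
        else:
            selector, action = line.split(None, 1)
            rules.append((host, program, selector, action))
    return rules


if __name__ == "__main__":
    for rule in effective_rules(SAMPLE_CONF):
        print("host=%-8s program=%-10s %-24s %s" % rule)
```

In the sample, router-a.log only receives messages that are both from the router and tagged startslip, while router-b.log, placed after '!*', receives everything from the router.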