Message-ID: <4EC7E0CB.3020406@gmail.com>
Date: Sat, 19 Nov 2011 19:00:59 +0200
From: Kaya Saman
To: Robert Bonomi
Cc: freebsd-questions@freebsd.org
References: <201111191652.pAJGqHOM066166@mail.r-bonomi.com>
In-Reply-To: <201111191652.pAJGqHOM066166@mail.r-bonomi.com>
Subject: Re: Syslog server not logging remote machines to file?

On 11/19/2011 06:52 PM, Robert Bonomi wrote:
>> From kayasaman@gmail.com Sat Nov 19 09:33:08 2011
>> Date: Sat, 19 Nov 2011 17:31:50 +0200
>> From: Kaya Saman
>> To: Robert Bonomi
>> CC: freebsd-questions@freebsd.org
>> Subject: Re: Syslog server not logging remote machines to file?
>>
>> On 11/19/2011 05:21 PM, Robert Bonomi wrote:
>>> Kaya Saman wrote:
>>>> Hi,
>>>>
>>>> I've got a really strange problem which seems to either be a bug with
>>>> the syslog server service or perhaps because I'm running jails on my
>>>> system.....
>>>>
>>>> I can log my router syslog information but somehow the syslog server
>>>> doesn't put the information into the designated file; which should be
>>>> /var/log/cisco857w.log???
>>>>
>>> The -usual- 'gotcha' for this situation is that you have to _create_ the
>>> file FIRST, and then tell syslogd to reload its configuration. (i.e.
>>> 'kill -HUP' the PID for syslogd)
>>>
>>>
>> That's ok, however due to me running syslogd in debug mode anyway - ctrl
>> + c should do that anyway..... I performed a: ps aux | grep syslog with
>> no result other than my 'grepping' displayed.
>>
>> Meaning that the syslog daemon should have reloaded right? - I mean it's
>> standard for everything else which works in that way!
> Well if ps -aux doesn't show any syslogd entry, then syslogd is -not-
> running -- which would explain why it's not logging anything to the file :)
>
> If you're stopping and restarting syslogd, then, yes, that causes it to
> re-read the configuration.
>
> This begs the question, however, *DOES* that file exist? syslog does _not_
> _create_ a missing logfile, just because it is mentioned in the syslog.conf
> file.
> g

Robert,

I can assure that syslogd is running, hence the logging posted within my
first email to the list.

When run with the -d and -vv flags set in /etc/rc.conf I need to use ctrl +c
to break out of it as it logs directly to the tty.

Just to go over it again, output from syslogd with -d and -vv flags set
running in debug mode shows:

{
logmsg: pri 56, flags 4, from Server, msg syslogd: restart
syslogd: restarted
logmsg: pri 6, flags 4, from Server, msg syslogd: kernel boot file is /boot/kernel/kernel
Logging to FILE /var/log/messages
syslogd: kernel boot file is /boot/kernel/kernel
logmsg: pri 166, flags 17, from Server, msg Nov 19 12:33:34 Server syslogd: exiting on signal 2
cvthname(192.168.1.1)
validate: dgram from IP 192.168.1.1, port 59189, name router.domain;
accepted in rule 0.
logmsg: pri 275, flags 0, from cisco857w, msg 10048: 010035: Nov 19 10:33:48.037: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.120)
}

The file is mentioned in syslogd config and seems to be loaded within the
configuration:

{
cfline("*.* /var/log/cisco857w.log", f, "*", "+192.168.1.1")
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE: /var/log/cisco857w.log
}

The file *has* been created also under /var/log/ dir however self creation
is possible using the -C flag within /etc/rc.conf file; and give
'appropriate' permission 600:

{
# ls -l /var/log | grep cisco857
-rw------- 1 root wheel 0 Nov 18 16:32 cisco857w.log
}

So after all this looks {**perfect**} what can this mysterious problem be??
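
The "create the file first" point raised in the quoted reply can be checked mechanically. The following is an added example, not part of the original message or of FreeBSD's own tooling: a POSIX sh function that lists file destinations named in a syslog.conf that do not exist on disk. The function names, the optional ROOT prefix argument and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list file destinations named in a
# syslog.conf that do not exist yet. Function and argument names are hypothetical.

# missing_log_targets CONF [ROOT]
#   CONF: path to a syslog.conf; ROOT: optional prefix for a staged tree.
missing_log_targets() {
    conf=$1
    root=${2:-}
    awk '
        /^[ \t]*#/ { next }          # comments
        NF < 2     { next }          # blank lines, bare +host and !prog lines
        /^[+!-]/   { next }          # host and program block specifiers
        {
            action = $2              # second field is the action
            sub(/^-/, "", action)    # a leading "-" only disables fsync
            if (action ~ /^\//) print action
        }
    ' "$conf" | sort -u | while IFS= read -r target; do
        [ -e "$root$target" ] || printf '%s\n' "$target"
    done
}

# Constructed sample: the rule from the thread plus a default-style line,
# staged under a temporary directory so nothing on the real system is touched.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/var/log"
    printf '%s\n' \
        '# constructed sample syslog.conf' \
        '*.notice;authpriv.none /var/log/messages' \
        '+192.168.1.1' \
        '*.* /var/log/cisco857w.log' \
        '+*' > "$tmp/syslog.conf"
    : > "$tmp/var/log/messages"      # exists; cisco857w.log does not
    missing_log_targets "$tmp/syslog.conf" "$tmp"
    rm -rf "$tmp"
}

demo    # prints /var/log/cisco857w.log
```

An empty result means every file destination in the configuration exists, so a missing log file can be ruled out as the reason a remote host's messages are not being recorded.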