From: Kaya Saman
Date: Sun, 20 Nov 2011 01:09:00 +0200
To: Robert Bonomi
Cc: freebsd-questions@freebsd.org
Message-ID: <4EC8370C.8010206@gmail.com>
In-Reply-To: <201111191813.pAJIDB1S066601@mail.r-bonomi.com>
Subject: Re: Syslog server not logging remote machines to file?

>> cvthname(192.168.1.1)
>> validate: dgram from IP 192.168.1.1, port 59189, name router.domain;
>> accepted in rule 0.
>> logmsg: pri 275, flags 0, from cisco857w, msg 10048: 010035: Nov 19
>> 10:33:48.037: %SYS-5-CONFIG_I: Configured from console by admin on vty0
>> (192.168.1.120)
> If we take the 'priority' of that message at face value,
> it is a facility value of 34
> and a logging priority of 3
>
> On the machines I have access to, facility values stop at _24_.
>
> The message may be being discarded because of a 'nonsense' priority.

I changed the 'facility' value within the IOS itself to kernel:

(config)#logging facility kern

- and now the generated message shows this:

accepted in rule 0.
logmsg: pri 15, flags 0, from cisco857w, msg 10146: 010133: Nov 19
23:05:54.538: %SYS-5-CONFIG_I: Configured from console by admin on vty0
(192.168.0.53

still not logging to file though :-( ??

>
>> The file is mentioned in syslogd config and seems to be loaded within
>> the configuration:
>>
>> {
>>
>> cfline("*.* /var/log/cisco857w.log", f, "*",
>> "+192.168.1.1")
>>
>> 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE:
>> /var/log/cisco857w.log
> _THAT_ looks like only _24_ known 'facility' values.
>
>> # ls -l /var/log | grep cisco857
>> -rw------- 1 root wheel 0 Nov 18 16:32 cisco857w.log
> And, I presume that when you are invoking syslogd in 'debug' mode, you
> are running as superuser.

Yep, that is correct! Am using: su -

>> So after all this looks {**perfect**} what can this mysterious problem be??
>>
> I'm _guessing_ that the apparent 'facility' value of 34 is a good candidate.
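
An added example, not part of the original message or of syslogd: it splits the `pri` values from the two `logmsg:` debug lines quoted above into facility and severity (PRI = facility * 8 + severity) and compares the severity with the digit in the IOS mnemonic (`%SYS-5-...`). Reading the printed number as either decimal or octal is an assumption made here, since the thread does not say which radix the debug output uses; the function names and the constructed sample lines are likewise hypothetical.

```python
import re

NFACILITIES = 24  # facility codes 0..23, the "_24_" known values in the thread

# Constructed sample: the two logmsg debug lines quoted in the message above.
SAMPLE = [
    "logmsg: pri 275, flags 0, from cisco857w, msg 10048: 010035: Nov 19 "
    "10:33:48.037: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "logmsg: pri 15, flags 0, from cisco857w, msg 10146: 010133: Nov 19 "
    "23:05:54.538: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

# Captures the printed pri and the severity digit of %FACILITY-SEVERITY-MNEMONIC.
LINE_RE = re.compile(r"logmsg: pri (\d+),.*?%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")


def split_pri(pri):
    """PRI = facility * 8 + severity (RFC 3164)."""
    return pri >> 3, pri & 0x07


def decode(line):
    """Decode the printed pri under each radix and test it against the message.

    Returns {radix: (facility, severity, facility_known, matches_ios_severity)}.
    The radix choice (10 or 8) is an assumption, not something the thread states.
    """
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("not a logmsg line with an IOS mnemonic")
    text, ios_sev = m.group(1), int(m.group(2))
    out = {}
    for radix in (10, 8):
        try:
            pri = int(text, radix)
        except ValueError:  # a digit 8 or 9 rules out the octal reading
            continue
        fac, sev = split_pri(pri)
        out[radix] = (fac, sev, fac < NFACILITIES, sev == ios_sev)
    return out


if __name__ == "__main__":
    for line in SAMPLE:
        for radix, (fac, sev, known, ok) in decode(line).items():
            print(f"base {radix:2}: facility {fac:2} severity {sev} "
                  f"known_facility={known} matches_ios_severity={ok}")
```

A reading whose facility falls below 24 and whose severity equals the mnemonic digit is the one consistent with the message text itself.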