From: Jeffrey Goldberg
To: Andy Greenwood
Cc: User questions
Subject: Re: syslogd not reading messages from a remote machine
Date: Sat, 12 Jan 2008 15:50:45 -0600
Message-Id: <53AFE19A-173F-43AC-BF68-972FFD12029E@goldmark.org>
In-Reply-To: <47879080.6040208@gmail.com>
References: <47879080.6040208@gmail.com>
X-BeenThere: freebsd-questions@freebsd.org

On Jan 11, 2008, at 9:51 AM, Andy Greenwood wrote:

> I have recently set up a Fortigate-60 to run as a firewall/vpn on my
> home network. I have a FreeBSD 7.0-prerelease machine sitting behind
> it in the DMZ which is running ssh/web/etc. I'm trying to get the FG
> to log to the BSD box's syslog. I have set up the necessary stuff on
> the FG, and can send test logs from there to the bsd box. Running
> tcpdump on the bsd

[...]

> So I know that the packets are getting to the machine. I've set up
> syslogd to accept packets from 10.10.10.1/32 in rc.conf, and
> confirmed that the FG's IP should be accepted

[...]

> I've restarted syslogd after every change I've made, but no dice.
> Can anyone shed some light on why these messages aren't logging and
> what I need to do to fix it?

I'm sure that there is a simple answer for getting syslogd to work properly. But after similar experiences to yours (on other systems), I now use syslog-ng (in ports) for any system that is going to be a remote syslog server.

With syslog-ng, I can easily have my logs organized by originating host and day.

I know this doesn't answer your syslogd question, but it might provide a useful solution for you.

Cheers,

-j