Date: Sat, 13 Aug 2005 22:28:31 -0500
From: "Steve D."
To: Aaron Peterson
Cc: FreeBSD Questions
Subject: Re: remote syslogging

Try:

+chsfirewall1
local6.notice /var/log/firewall/chsfirewall1.log
+*
+chsfirewall2
local6.notice /var/log/firewall/chsfirewall2.log
+*

If that doesn't work try running syslog in debug:

kill -9 `cat /var/run/syslog.pid`
syslogd -d -v -a 172.24.169.44/32:* -a 172.24.169.46/32:*

Aaron Peterson wrote:

>in /etc/rc.conf:
>
>syslogd_enable="YES"
>syslogd_flags="-a 172.24.169.44/32:* -a 172.24.169.46/32:*"
>
>---------------------------------------
>
>in syslog.conf:
>
>!*
>+chsfirewall1
>local6.notice /var/log/firewall/chsfirewall1.log
>
>+chsfirewall2
>local6.notice /var/log/firewall/chsfirewall2.log
>
>------------------------------------
>
>$ ls -l /var/log/firewall
>
>total 0
>-rw------- 1 root wheel 0 Aug 12 15:23 chsfirewall1.log
>-rw------- 1 root wheel 0 Aug 12 15:33 chsfirewall2.log
>
>-------------------------------------
>
>in /etc/hosts
>
>172.24.169.44 chsfirewall1
>172.24.169.46 chsfirewall2
>
>-------------------------------------
>
>$ tcpdump -i fxp0 -w firewall.bin udp and dst port 514
>
>15:58:57.151625 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.151763 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.151889 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 147
>15:58:57.152014 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 147
>15:58:57.152141 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.166549 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.166688 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 152
>15:58:57.166817 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.166965 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
>15:58:57.167194 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 148
>15:58:59.086044 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
>15:58:59.086179 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
>15:58:59.086306 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
>15:58:59.109459 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 149
>
>ethereal output for the same traffic:
>
>Frame 2226 (191 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.44 (172.24.169.44), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...
>
>No. Time Source Destination Protocol Info
> 2227 0.922397 172.24.169.44 172.26.35.21 Syslog
> LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...
>
>Frame 2227 (190 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.44 (172.24.169.44), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...
>
>No. Time Source Destination Protocol Info
> 2228 2.841247 172.24.169.46 172.26.35.21 Syslog
> LOCAL6.NOTICE: 6129 08/12/2005 16:05:34 tE...
>
>Frame 2228 (190 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:34 tE...
>
>No. Time Source Destination Protocol Info
> 2229 2.841382 172.24.169.46 172.26.35.21 Syslog
> LOCAL6.NOTICE: 6129 08/12/2005 16:05:42 tE...
>
>Frame 2229 (190 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:42 tE...
>
>No. Time Source Destination Protocol Info
> 2230 2.841509 172.24.169.46 172.26.35.21 Syslog
> LOCAL6.NOTICE: 6129 08/12/2005 16:05:47 tE...
>
>Frame 2230 (190 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:47 tE...
>
>No. Time Source Destination Protocol Info
> 2231 2.864662 172.24.169.46 172.26.35.21 Syslog
> LOCAL6.NOTICE: 6129 08/12/2005 16:05:48 tE...
>
>Frame 2231 (191 bytes on wire, 96 bytes captured)
>Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
>Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
>172.26.35.21 (172.26.35.21)
>User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
>Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:48 tE...
>
>...
>
>Nothing in /var/log/firewall/chsfirewall1.log or chsfirewall2.log
>
>I must be missing something...
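
An added example, not written by either poster and not syslogd's own code: a small Python model of two checks a remote datagram has to pass before the `+hostname` blocks in syslog.conf come into play, namely the `-a ipaddr/masklen[:service]` allow rule and the `facility.level` selector. It uses the addresses, source port 1025 and LOCAL6.NOTICE priority shown in the thread; the function names and the payload text after the `<181>` PRI are constructed for illustration.

```python
import ipaddress
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_peer(spec):
    """Split an -a value 'ipaddr/masklen[:service]' into (network, port)."""
    net, _, service = spec.partition(":")
    if service in ("", "syslog"):
        port = 514    # with no service given, the sender must use the syslog port
    elif service == "*":
        port = None   # '*' accepts any UDP source port
    else:
        port = int(service)
    return ipaddress.ip_network(net, strict=False), port

def peer_allowed(specs, src_ip, src_port):
    """True if any -a rule admits a datagram from src_ip:src_port."""
    addr = ipaddress.ip_address(src_ip)
    for spec in specs:
        net, port = parse_peer(spec)
        if addr in net and port in (None, src_port):
            return True
    return False

def decode_pri(payload):
    """Return (facility, severity) from the leading <PRI>, or None if absent."""
    m = re.match(rb"<(\d{1,3})>", payload)
    if m is None or int(m.group(1)) > 191:
        return None
    fac, sev = divmod(int(m.group(1)), 8)
    name = f"local{fac - 16}" if fac >= 16 else f"facility{fac}"
    return name, SEVERITIES[sev]

def selector_matches(selector, facility, severity):
    """'local6.notice' selects local6 messages at notice or more severe."""
    sel_fac, sel_lvl = selector.split(".")
    return sel_fac in ("*", facility) and \
        SEVERITIES.index(severity) <= SEVERITIES.index(sel_lvl)

# Values from the thread; the payload text after the PRI is constructed.
RULES = ["172.24.169.44/32:*", "172.24.169.46/32:*"]
PAYLOAD = b"<181>13445 08/12/2005 16:09:20 (constructed message text)"

if __name__ == "__main__":
    print("page rules, src port 1025:", peer_allowed(RULES, "172.24.169.44", 1025))
    print("same rule without ':*':  ", peer_allowed(["172.24.169.44/32"], "172.24.169.44", 1025))
    fac, sev = decode_pri(PAYLOAD)
    print("decoded:", fac, sev, "matches:", selector_matches("local6.notice", fac, sev))
```

In this model both checks pass for the captured traffic, which leaves the host blocks as the part to inspect in the `syslogd -d` output.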