Date: Sat, 12 Jan 2008 19:27:29 -0600 From: Jon Hamilton <hamilton@pobox.com> To: Jeffrey Goldberg <jeffrey@goldmark.org> Cc: Andy Greenwood <greenwood.andy@gmail.com>, User questions <freebsd-questions@freebsd.org> Subject: Re: syslogd not reading messages from a remote machine Message-ID: <20080113012729.GI1965@woodstock.nethamilton.net> In-Reply-To: <53AFE19A-173F-43AC-BF68-972FFD12029E@goldmark.org> References: <47879080.6040208@gmail.com> <53AFE19A-173F-43AC-BF68-972FFD12029E@goldmark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jeffrey Goldberg <jeffrey@goldmark.org>, said on Sat Jan 12, 2008 [03:50:45 PM]: } On Jan 11, 2008, at 9:51 AM, Andy Greenwood wrote: } } >I have recently set up a Fortigate-60 to run as a firewall/vpn on my } >home network. I have a FreeBSD 7.0-prerelease machine sitting behind } >it in the DMZ which is running ssh/web/etc. I'm trying to get the FG } >to log to the BSD box's syslog. I have set up the necessary stuff on } >the FG, and can send test logs from there to the bsd box. Running } >tcpdump on the bsd [...] } } >So I know that the packets are getting to the machine. I've set up } >syslogd to accept packets from 10.10.10.1/32 in rc.conf, and } >confirmed that the FG's IP should be accepted [...] } } } >I've restarted syslogd after every change I've made, but no dice. } >Can anyone shed some light on why these messages aren't logging and } >what I need to do to fix it? I didn't see the original thread, but I recently went through this myself. It turns out that syslogd assumes/requires by default that the originating packets come *from* port 514 as well as arriving *on* port 514. In my case, the remote device was sending from a high numbered port. To disable that behavior, just put -a 10.10.10.1/32:* in your syslogd_flags and you should be good to go (if your problem was the same as mine :) -- Jon Hamilton hamilton@pobox.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080113012729.GI1965>