Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 12 Jan 2008 19:27:29 -0600
From:      Jon Hamilton <>
To:        Jeffrey Goldberg <>
Cc:        Andy Greenwood <>, User questions <>
Subject:   Re: syslogd not reading messages from a remote machine
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Jeffrey Goldberg <>, said on Sat Jan 12, 2008 [03:50:45 PM]:
} On Jan 11, 2008, at 9:51 AM, Andy Greenwood wrote:
} >I have recently set up a Fortigate-60 to run as a firewall/vpn on my  
} >home network. I have a FreeBSD 7.0-prerelease machine sitting behind  
} >it in the DMZ which is running ssh/web/etc. I'm trying to get the FG  
} >to log to the BSD box's syslog. I have set up the necessary stuff on  
} >the FG, and can send test logs from there to the bsd box. Running  
} >tcpdump on the bsd [...]
} >So I know that the packets are getting to the machine. I've set up  
} >syslogd to accept packets from in rc.conf, and  
} >confirmed that the FG's IP should be accepted [...]
} >I've restarted syslogd after every change I've made, but no dice.  
} >Can anyone shed some light on why these messages aren't logging and  
} >what I need to do to fix it?

I didn't see the original thread, but I recently went through this myself.
It turns out that syslogd assumes/requires by default that the originating
packets come *from* port 514 as well as arriving *on* port 514.  In my case,
the remote device was sending from a high numbered port.  

To disable that behavior, just put -a* in your syslogd_flags
and you should be good to go (if your problem was the same as mine :)


   Jon Hamilton

Want to link to this message? Use this URL: <>