Date:      Thu, 30 Apr 2015 08:35:54 -0453
From:      "William A. Mahaffey III" <wam@hiwaay.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: minor syslog issue
Message-ID:  <55422E43.8090206@hiwaay.net>
In-Reply-To: <554229CE.30009@infracaninophile.co.uk>
References:  <55422366.8060000@hiwaay.net> <554229CE.30009@infracaninophile.co.uk>

On 04/30/15 08:16, Matthew Seaman wrote:
> On 2015/04/30 13:42, William A. Mahaffey III wrote:
>> So far after a day or 2, nothing appears from the RPi on kabini1,
>> including nothing in /var/log/security (possibly indicating firewall
>> impeding traffic). Almost certainly pilot error, any help appreciated
>> :-) .... TIA & have a good one.
> You need to tell the receiving syslogd what port numbers to accept
> traffic from, as well as the IP numbers.
>
> In /etc/rc.conf:
>
> syslogd_flags="-a 192.168.0.0/16:514 -C -T"
>
> assuming you're using the default logging port for traffic from your
> RPi+.  If not, then 192.168.0.0/16:* will allow traffic from any port
> number, although personally I'd spend some quality time with tcpdump
> and/or wireshark looking at what network ports were actually used.
>
> 	Cheers,
>
> 	Matthew

Hmmmm .... I restarted syslogd w/ args as above. Then, 'tcpdump -c 100' 
shows:


08:23:13.844574 IP q6600.892 > kabini1.local.1023: Flags [F.], seq 77, 
ack 86, win 46, options [nop,nop,TS val 1691799656 ecr 1344249102], length 0
08:23:13.844599 IP kabini1.local.1023 > q6600.892: Flags [.], ack 78, 
win 1040, options [nop,nop,TS val 1344249102 ecr 1691799656], length 0
08:23:15.587348 IP kabini1.local.25455 > q6600.ssh: Flags [.], ack 
979662038, win 0, length 0
08:23:15.587449 IP kabini1.local.25455 > q6600.ssh: Flags [.], ack 1, 
win 1040, options [nop,nop,TS val 1344250845 ecr 1691521403], length 0
08:23:15.587470 IP q6600.ssh > kabini1.local.25455: Flags [.], ack 1, 
win 204, options [nop,nop,TS val 1691801399 ecr 1343970845], length 0
08:23:17.847390 IP kabini1.local.572754 > q6600.nfs: 40 null
08:23:17.847513 IP q6600.nfs > kabini1.local.572754: reply ok 24 null
08:23:25.760879 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 
685496912:685496960, ack 1741963517, win 1040, options [nop,nop,TS val 
1344261018 ecr 2649344], length 48
08:23:25.762723 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
1:49, ack 48, win 4197, options [nop,nop,TS val 2649683 ecr 1344261018], 
length 48
08:23:25.862332 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 49, 
win 1040, options [nop,nop,TS val 1344261120 ecr 2649683], length 0
08:23:25.968802 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 
48:96, ack 49, win 1040, options [nop,nop,TS val 1344261226 ecr 
2649683], length 48
08:23:25.970776 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
49:161, ack 96, win 4197, options [nop,nop,TS val 2649683 ecr 
1344261226], length 112
08:23:26.070254 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 161, 
win 1040, options [nop,nop,TS val 1344261328 ecr 2649683], length 0
08:23:26.200706 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 
96:144, ack 161, win 1040, options [nop,nop,TS val 1344261458 ecr 
2649683], length 48
08:23:26.207313 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
161:225, ack 144, win 4197, options [nop,nop,TS val 2649683 ecr 
1344261458], length 64
08:23:26.307341 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 225, 
win 1040, options [nop,nop,TS val 1344261565 ecr 2649683], length 0
08:23:26.400741 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 
144:192, ack 225, win 1040, options [nop,nop,TS val 1344261658 ecr 
2649683], length 48
08:23:26.402682 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
225:305, ack 192, win 4197, options [nop,nop,TS val 2649684 ecr 
1344261658], length 80
08:23:26.502205 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 305, 
win 1040, options [nop,nop,TS val 1344261760 ecr 2649684], length 0
08:23:26.576902 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 
192:240, ack 305, win 1040, options [nop,nop,TS val 1344261834 ecr 
2649684], length 48
08:23:26.578803 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
305:369, ack 240, win 4197, options [nop,nop,TS val 2649684 ecr 
1344261834], length 64
08:23:26.678213 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 369, 
win 1040, options [nop,nop,TS val 1344261936 ecr 2649684], length 0
08:23:28.232819 IP kabini1.local.36468 > RPiB+.ssh: Flags [P.], seq 
240:288, ack 369, win 1040, options [nop,nop,TS val 1344263490 ecr 
2649684], length 48
08:23:28.236986 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
369:417, ack 288, win 4197, options [nop,nop,TS val 2649687 ecr 
1344263490], length 48
08:23:28.336206 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 417, 
win 1040, options [nop,nop,TS val 1344263594 ecr 2649687], length 0
08:23:28.494514 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
417:481, ack 288, win 4197, options [nop,nop,TS val 2649688 ecr 
1344263594], length 64
08:23:28.496828 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG 
syslog.error, length: 59
08:23:28.497229 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG 
syslog.error, length: 59
08:23:28.500310 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
481:545, ack 288, win 4197, options [nop,nop,TS val 2649688 ecr 
1344263594], length 64
08:23:28.500405 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 545, 
win 1039, options [nop,nop,TS val 1344263758 ecr 2649688], length 0
08:23:30.538498 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
545:593, ack 288, win 4197, options [nop,nop,TS val 2649692 ecr 
1344263758], length 48
08:23:30.638333 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 593, 
win 1040, options [nop,nop,TS val 1344265896 ecr 2649692], length 0
08:23:30.723997 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
593:657, ack 288, win 4197, options [nop,nop,TS val 2649692 ecr 
1344265896], length 64
08:23:30.823253 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 657, 
win 1040, options [nop,nop,TS val 1344266081 ecr 2649692], length 0
08:23:30.947285 IP RPiB+.ssh > kabini1.local.36468: Flags [P.], seq 
657:705, ack 288, win 4197, options [nop,nop,TS val 2649693 ecr 
1344266081], length 48
08:23:30.995288 IP RPiB+.59733 > kabini1.local.syslog: SYSLOG 
syslog.info, length: 47
08:23:31.047337 IP kabini1.local.36468 > RPiB+.ssh: Flags [.], ack 705, 
win 1040, options [nop,nop,TS val 1344266305 ecr 2649693], length 0
08:23:47.848393 IP kabini1.local.572770 > q6600.nfs: 40 null
08:23:47.848535 IP q6600.nfs > kabini1.local.572770: reply ok 24 null
^C
74 packets captured
74 packets received by filter
0 packets dropped by kernel


[root@kabini1, /etc, 8:30:13am] 476 % tail -15 /var/log/messages ; 
hwclock -r ; date
Apr 23 15:55:03 kabini1 pkg: sssnips-0.05 installed
Apr 23 16:01:00 kabini1 pkg-static: gmake-4.1_1 installed
Apr 23 16:01:03 kabini1 pkg: sssnips-0.05 deinstalled
Apr 23 16:01:03 kabini1 pkg-static: sssnips-0.05 installed
Apr 27 08:54:42 kabini1 dbus[847]: [system] Failed to activate service 
'org.freedesktop.Avahi': timed out
Apr 27 09:08:34 kabini1 dbus[847]: [system] Failed to activate service 
'org.freedesktop.Avahi': timed out
Apr 27 10:12:49 kabini1 dbus[847]: [system] Failed to activate service 
'org.freedesktop.Avahi': timed out
Apr 28 09:30:12 kabini1 kernel: Limiting closed port RST response from 
276 to 200 packets/sec
Apr 28 09:30:13 kabini1 kernel: Limiting closed port RST response from 
239 to 200 packets/sec
Apr 28 09:30:14 kabini1 kernel: Limiting closed port RST response from 
280 to 200 packets/sec
Apr 28 09:30:16 kabini1 kernel: Limiting closed port RST response from 
319 to 200 packets/sec
Apr 30 08:13:49 kabini1 syslogd: exiting on signal 15
Apr 30 08:13:49 kabini1 syslogd: kernel boot file is /boot/kernel/kernel
Apr 30 08:16:36 kabini1 kernel: re0: promiscuous mode enabled
Apr 30 08:17:53 kabini1 kernel: re0: promiscuous mode disabled
hwclock: Command not found.
Thu Apr 30 08:30:22 MCDT 2015
[root@kabini1, /etc, 8:30:22am] 477 %


i.e. still nothing. When I restarted the syslogd on the RPiB+, @ 8:23:43 
local time:


rpi # rc.d/syslogd restart
Stopping syslogd.
Waiting for PIDS: 2779.
Starting syslogd.
rpi # tail -15 /var/log/messages ; date
Apr 26 22:00:00 rpi syslogd[603]: restart
Apr 27 22:00:01 rpi syslogd[603]: restart
Apr 28 08:00:00 rpi syslogd[603]: restart
Apr 28 22:00:00 rpi syslogd[603]: restart
Apr 29 14:54:44 rpi syslogd[603]: Exiting on signal 15
Apr 29 10:01:01 rpi syslogd[25366]: restart
Apr 29 17:06:15 rpi syslogd[25366]: restart
Apr 30 07:28:32 rpi syslogd[25366]: Exiting on signal 15
Apr 30 07:28:34 rpi syslogd[27124]: restart
Apr 30 08:20:34 rpi syslogd[27124]: Exiting on signal 15
Apr 30 08:20:34 rpi syslogd[27124]: Exiting on signal 15
Apr 30 08:20:37 rpi syslogd[2779]: restart
Apr 30 08:23:43 rpi syslogd[2779]: Exiting on signal 15
Apr 30 08:23:43 rpi syslogd[2779]: Exiting on signal 15
Apr 30 08:23:45 rpi syslogd[14885]: restart
Thu Apr 30 08:27:37 MCDT 2015
rpi #

Any more clues appreciated ....

-- 

	William A. Mahaffey III

  ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                            -- Gen. George S. Patton Jr.
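
Added example, not part of the original message and not FreeBSD's own code: Python that applies the `-a ipaddr/masklen[:service]` rule from the quoted advice to the syslog datagrams seen in the capture, to show which source ports each rule value accepts. The capture lines are constructed in `tcpdump -n` form with assumed 192.168.0.x addresses (ports and timestamps are the ones on the page), only the numeric `ipaddr/masklen[:service]` form is handled, and the matching follows the syslogd(8) description of `-a`.

```python
import ipaddress
import re

SYSLOG_PORT = 514  # UDP "syslog" service

# Constructed sample: the page's syslog datagrams as `tcpdump -n` would print
# them. The 192.168.0.x addresses are assumed; ports and times are the page's.
CAPTURE = """\
08:23:28.496828 IP 192.168.0.20.59735 > 192.168.0.10.514: SYSLOG syslog.error, length: 59
08:23:28.497229 IP 192.168.0.20.59735 > 192.168.0.10.514: SYSLOG syslog.error, length: 59
08:23:30.995288 IP 192.168.0.20.59733 > 192.168.0.10.514: SYSLOG syslog.info, length: 47
08:23:31.047337 IP 192.168.0.10.36468 > 192.168.0.20.22: Flags [.], ack 705, win 1040, length 0
"""

LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): SYSLOG")

def parse_allowed_peer(spec):
    """Split an 'ipaddr/masklen[:service]' value into (network, port).
    port is None for '*'; an omitted service means the syslog port."""
    net, _, service = spec.partition(":")
    if service == "*":
        port = None
    elif service in ("", "syslog"):
        port = SYSLOG_PORT
    else:
        port = int(service)
    return ipaddress.ip_network(net, strict=False), port

def peer_allowed(src_ip, src_port, spec):
    """True when both the source address and the source port match the rule."""
    network, port = parse_allowed_peer(spec)
    return ipaddress.ip_address(src_ip) in network and port in (None, src_port)

def audit(capture, spec):
    """Return (src_ip, src_port, allowed) for each syslog datagram to port 514."""
    results = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if m and int(m.group(4)) == SYSLOG_PORT:
            src_ip, src_port = m.group(1), int(m.group(2))
            results.append((src_ip, src_port, peer_allowed(src_ip, src_port, spec)))
    return results

if __name__ == "__main__":
    for spec in ("192.168.0.0/16:514", "192.168.0.0/16:*"):
        for src_ip, src_port, ok in audit(CAPTURE, spec):
            print(f"{spec:20} {src_ip}:{src_port} {'accept' if ok else 'reject'}")
```

With `:*` the address prefix is the only filter left, so a prefix narrower than /16 that covers just the sending hosts keeps the accepted set small.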
