Date:      Wed, 01 Apr 2015 11:04:56 +0100
From:      Matthew Seaman <matthew@freebsd.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: mess with syslogd
Message-ID:  <551BC2C8.8020806@freebsd.org>
In-Reply-To: <alpine.BSF.2.20.1504011133150.1486@laptop.wojtek.intra>
References:  <alpine.BSF.2.20.1504011133150.1486@laptop.wojtek.intra>


On 04/01/15 10:36, Wojciech Puchar wrote:
> No idea how to debug a problem with syslogd. Please help.
>
> I use syslogd to log messages from multiple other Unix machines, now I
> wanted to add logging from a Windows server (with the evtsys program).
>
> If I run syslogd with
>
> syslogd_enable="YES"            # Run syslog daemon (or NO).
> syslogd_flags="-v -4 -8 -b 10.100.100.1"
>
>
> it logs messages fine from the Windows server as well as others.
>
>
> If I run it as
>
> syslogd_flags="-v -4 -8 -b 10.100.100.1 -a 10.100.0.0/16"
>
> it logs messages fine from everything except Windows servers, WHICH ARE
> IN 10.100.0.0/16 network.
>
> Now I just use firewall rules to block logging from unwanted places, but
> no idea why just using -a blocks logs from windows/evtsys
>
> Any idea?
>

You're implicitly telling syslogd what port numbers to accept on the
sending side.  The default is only to allow sending from port 514.
Instead, try:

syslogd_flags="-v -4 -8 -b 10.100.100.1 -a 10.100.0.0/16:*"

In theory you should be able to limit to only accepting packets sent
from port 514 but I've found various different devices may use different
ports.  Looking at:

   # tcpdump -i em0 -A host 10.100.100.1 and port 514

should show what your systems are actually using.

	Cheers,

	Matthew
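
The port rule described in the reply above, as an added example that is not part of the original message and not syslogd's own code: a simplified Python model of how an `-a ipaddr/masklen[:service]` rule treats the sender's UDP source port, following syslogd(8). The sender addresses and the ephemeral port are constructed sample values, and only the numeric, `syslog` and `*` service forms for IPv4 are handled.

```python
import ipaddress

SYSLOG_PORT = 514  # UDP port behind the service name "syslog"

# Constructed sample senders as (source IP, source UDP port); not from the thread.
SAMPLE = [
    ("10.100.1.5", 514),      # sender that uses source port 514
    ("10.100.2.20", 49731),   # sender that uses an ephemeral source port
    ("192.0.2.7", 514),       # host outside 10.100.0.0/16
]


def parse_allowed_peer(spec):
    """Split 'ipaddr/masklen[:service]' (IPv4) into (network, port); None = any port."""
    addr, sep, service = spec.partition(":")
    network = ipaddress.ip_network(addr, strict=False)
    if not sep or service == "syslog":
        return network, SYSLOG_PORT   # no service given: source port must be 514
    if service == "*":
        return network, None          # '*': any source port
    return network, int(service)


def accepts(spec, src_ip, src_port):
    """True if one -a rule admits a datagram from src_ip:src_port."""
    network, port = parse_allowed_peer(spec)
    in_net = ipaddress.ip_address(src_ip) in network
    return in_net and (port is None or port == src_port)


def rejected_senders(specs, datagrams):
    """Datagrams admitted by no rule; with no -a rules nothing is filtered here."""
    if not specs:
        return []
    return [d for d in datagrams if not any(accepts(s, *d) for s in specs)]


if __name__ == "__main__":
    for rule in ("10.100.0.0/16", "10.100.0.0/16:*"):
        print(rule, "rejects", rejected_senders([rule], SAMPLE))
```

Feeding it the source ports seen in the tcpdump capture shows which senders a given `-a` rule would drop before the rule goes into rc.conf.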


