docs/161129: syslog does not accept remote host logs

Glen Barber gjb at FreeBSD.org
Thu Sep 29 18:00:28 UTC 2011 

The following reply was made to PR docs/161129; it has been noted by GNATS.

From: Glen Barber <gjb at FreeBSD.org>
To: Andrei Kolu <antik at bsd.ee>
Cc: bug-followup at FreeBSD.org
Subject: Re: docs/161129: syslog does not accept remote host logs
Date: Thu, 29 Sep 2011 13:51:33 -0400

 Hi,
 
 On 9/29/11 1:30 PM, Andrei Kolu wrote:
 >> Number:         161129
 >> Category:       docs
 >> Synopsis:       syslog does not accept remote host logs
 
 >> Description:
 > If I configure syslog for remote logging according to this manual:
 > http://www.freebsd.org/doc/handbook/network-syslogd.html
 > 
 > ####hosts file
 > 10.10.10.1 cisco1812 cisco1812.example.com
 > 
 > ####rc.conf
 > syslogd_enable="YES"
 > syslogd_flags="-d -a 10.10.10.1 -v -v"
 > 
 > ####syslog.conf
 > # Logging cisco
 > +cisco1812.example.com
 > *.* /var/log/cisco1812.example.com.log
 > 
 > then syslog would give me this error:
 > 
 > "validate: dgram from IP 10.10.10.1, port 54446, name cisco1812.example.com;
 > rejected in rule 0 due to port mismatch."
 
 According to syslogd(8):
 
 % Multiple -a options may be specified.
 % The allowed_peer option may be any of the following:
 % ipaddr/masklen[:service]    Accept datagrams from ipaddr (in the
 %                             usual dotted quad notation) with
 %                             masklen bits being taken into account
 %                             when doing the address comparison.
 %                             ipaddr can be also IPv6 address by
 %                             enclosing the address with ‘[’ and
 %                             ‘]’.  If specified, service is the
 %                             name or number of an UDP service (see
 %                             services(5)) the source packet must
 %                             belong to.  A service of ‘*’ allows
 %                             packets being sent from any UDP port.
 %                             The default service is ‘syslog’.
 
 So, if ":*" or some other port is not specified, the default will be the
 syslog UDP port 514 (from /etc/services).  According to the above, your
 cisco device is using port 54446.  I suspect this will work with the
 following rc.conf entry:
 
  ####rc.conf
  syslogd_enable="YES"
  syslogd_flags="-d -a 10.10.10.1:54446 -v -v"
 
 Can you please try this, and let us know?
 
 Regards,
 
 Glen
 
 -- 
 Glen Barber | gjb at FreeBSD.org
 FreeBSD Documentation Project

More information about the freebsd-doc mailing list