remote syslogging
Aaron Peterson
dopplecoder at gmail.com
Fri Aug 12 20:15:23 GMT 2005
in /etc/rc.conf:
syslogd_enable="YES"
syslogd_flags="-a 172.24.169.44/32:* -a 172.24.169.46/32:*"
---------------------------------------
in syslog.conf:
!*
+chsfirewall1
local6.notice /var/log/firewall/chsfirewall1.log
+chsfirewall2
local6.notice /var/log/firewall/chsfirewall2.log
------------------------------------
$ ls -l /var/log/firewall
total 0
-rw------- 1 root wheel 0 Aug 12 15:23 chsfirewall1.log
-rw------- 1 root wheel 0 Aug 12 15:33 chsfirewall2.log
-------------------------------------
in /etc/hosts
172.24.169.44 chsfirewall1
172.24.169.46 chsfirewall2
-------------------------------------
$ tcpdump -i fxp0 -w firewall.bin udp and dst port 514
15:58:57.151625 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.151763 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.151889 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 147
15:58:57.152014 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 147
15:58:57.152141 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.166549 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.166688 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 152
15:58:57.166817 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.166965 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 149
15:58:57.167194 IP chsfirewall1.blackjack > xavier.syslog: UDP, length: 148
15:58:59.086044 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
15:58:59.086179 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
15:58:59.086306 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 148
15:58:59.109459 IP chsfirewall2.blackjack > xavier.syslog: UDP, length: 149
Ethereal output for the same traffic:
Frame 2226 (191 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.44 (172.24.169.44), Dst Addr:
172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...
No. Time Source Destination Protocol Info
2227 0.922397 172.24.169.44 172.26.35.21 Syslog
LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...
Frame 2227 (190 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.44 (172.24.169.44), Dst Addr:
172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 13445 08/12/2005 16:09:20 t...
No. Time Source Destination Protocol Info
2228 2.841247 172.24.169.46 172.26.35.21 Syslog
LOCAL6.NOTICE: 6129 08/12/2005 16:05:34 tE...
Frame 2228 (190 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:34 tE...
No. Time Source Destination Protocol Info
2229 2.841382 172.24.169.46 172.26.35.21 Syslog
LOCAL6.NOTICE: 6129 08/12/2005 16:05:42 tE...
Frame 2229 (190 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:42 tE...
No. Time Source Destination Protocol Info
2230 2.841509 172.24.169.46 172.26.35.21 Syslog
LOCAL6.NOTICE: 6129 08/12/2005 16:05:47 tE...
Frame 2230 (190 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:47 tE...
No. Time Source Destination Protocol Info
2231 2.864662 172.24.169.46 172.26.35.21 Syslog
LOCAL6.NOTICE: 6129 08/12/2005 16:05:48 tE...
Frame 2231 (191 bytes on wire, 96 bytes captured)
Ethernet II, Src: 00:04:38:6f:42:04, Dst: 00:50:8b:6c:5d:eb
Internet Protocol, Src Addr: 172.24.169.46 (172.24.169.46), Dst Addr:
172.26.35.21 (172.26.35.21)
User Datagram Protocol, Src Port: blackjack (1025), Dst Port: syslog (514)
Syslog message: LOCAL6.NOTICE: 6129 08/12/2005 16:05:48 tE...
...
Nothing in /var/log/firewall/chsfirewall1.log or chsfirewall2.log
I must be missing something...
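
An added example, not part of the original post: a Python model of the three checks the configuration above applies to an incoming datagram (the -a peer list, the +host block, and the local6.notice selector). The payload is constructed, and naming the sender through the /etc/hosts entries is an assumption about how the receiving syslogd identifies the peer.

```python
import ipaddress
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Values copied from the post: the -a peers in rc.conf, /etc/hosts, syslog.conf.
ALLOWED_PEERS = ["172.24.169.44/32", "172.24.169.46/32"]  # ":*" = any source port
HOSTS = {"172.24.169.44": "chsfirewall1", "172.24.169.46": "chsfirewall2"}
RULES = [("chsfirewall1", "local6.notice", "/var/log/firewall/chsfirewall1.log"),
         ("chsfirewall2", "local6.notice", "/var/log/firewall/chsfirewall2.log")]

def decode_pri(datagram: bytes):
    """Return (facility_name, severity_name) from the leading <PRI> field."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid <PRI> header")
    fac, sev = divmod(int(m.group(1)), 8)
    name = f"local{fac - 16}" if 16 <= fac <= 23 else f"facility{fac}"
    return name, SEVERITIES[sev]

def selector_matches(selector: str, facility: str, severity: str) -> bool:
    """facility.level selects that level and anything more severe."""
    sel_fac, sel_lvl = selector.split(".")
    return (sel_fac in ("*", facility)
            and SEVERITIES.index(severity) <= SEVERITIES.index(sel_lvl))

def route(src_ip: str, datagram: bytes):
    """Walk the three gates; return (log file or None, reason)."""
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in ipaddress.ip_network(p) for p in ALLOWED_PEERS):
        return None, "source not covered by any -a peer"
    host = HOSTS.get(src_ip)  # assumption: peer is named via /etc/hosts
    if host is None:
        return None, "source address does not resolve to a +host name"
    facility, severity = decode_pri(datagram)
    for rule_host, selector, path in RULES:
        if rule_host == host and selector_matches(selector, facility, severity):
            return path, f"{host} {facility}.{severity}"
    return None, f"{host} {facility}.{severity} matches no selector"

# Constructed payload: the capture in the post is truncated, so only the PRI
# (LOCAL6.NOTICE = 22*8 + 5 = 181) and the leading fields mirror it.
SAMPLE = b"<181>13445 08/12/2005 16:09:20 constructed message body"

if __name__ == "__main__":
    print(route("172.24.169.44", SAMPLE))
```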