Syslog server not logging remote machines to file?
Kaya Saman
kayasaman at gmail.com
Sat Nov 19 17:01:03 UTC 2011
On 11/19/2011 06:52 PM, Robert Bonomi wrote:
>> From kayasaman at gmail.com Sat Nov 19 09:33:08 2011
>> Date: Sat, 19 Nov 2011 17:31:50 +0200
>> From: Kaya Saman<kayasaman at gmail.com>
>> To: Robert Bonomi<bonomi at mail.r-bonomi.com>
>> CC: freebsd-questions at freebsd.org
>> Subject: Re: Syslog server not logging remote machines to file?
>>
>> On 11/19/2011 05:21 PM, Robert Bonomi wrote:
>>> Kaya Saman<kayasaman at gmail.com> wrote:
>>>> Hi,
>>>>
>>>> I've got a really strange problem which seems to either be a bug with
>>>> the syslog server service or perhaps because I'm running jails on my
>>>> system.....
>>>>
>>>> I can log my router syslog information but somehow the syslog server
>>>> doesn't put the information into the designated file; which should be
>>>> /var/log/cisco857w.log???
>>>>
>>> The -usual- 'gotcha' for this situation is that you have to _create_ the
>>> file FIRST, and then tell syslogd to reload it's configuration. (i.e.
>>> 'kill -HUP' the PID for syslogd)
>>>
>>>
>> That's ok, however due to me running syslogd in debug mode anyway - ctrl
>> + c should do that anyway..... I performed a: ps aux | grep syslog with
>> no result other then my 'grepping' displayed.
>>
>> Meaning that the syslog daemon should have reloaded right? - I mean it's
>> standard for everything else which works in that way!
> Well if ps -aux doesn't show any syslogd entry, then syslogd is -not-
> running -- which would explain why it's not logging anything to the file :)
>
> If you're stopping and restarting syslogd, then, yes, that causes it to
> re-read the configuration.
>
> This begs the question, however, *DOES* that file exist? syslog does _not_
> _create_ a missing logfile, just because it is mentioned in the syslog.conf
> file.
> g
Robert,
I can assure that syslogd is running, hence the logging posted within my
first email to the list. When run with the -d and -vv flags set in
/etc/rc.conf I need to use ctrl +c to break out of it as it logs
directly to the tty.
Just to go over it again, output from syslogd with -d and -vv flags set
running in debug mode shows:
{
logmsg: pri 56, flags 4, from Server, msg syslogd: restart
syslogd: restarted
logmsg: pri 6, flags 4, from Server, msg syslogd: kernel boot file is
/boot/kernel/kernel
Logging to FILE /var/log/messages
syslogd: kernel boot file is /boot/kernel/kernel
logmsg: pri 166, flags 17, from Server, msg Nov 19 12:33:34 <syslog.err>
Server syslogd: exiting on signal 2
cvthname(192.168.1.1)
validate: dgram from IP 192.168.1.1, port 59189, name router.domain;
accepted in rule 0.
logmsg: pri 275, flags 0, from cisco857w, msg 10048: 010035: Nov 19
10:33:48.037: %SYS-5-CONFIG_I: Configured from console by admin on vty0
(192.168.1.120)
}
The file is mentioned in syslogd config and seems to be loaded within
the configuration:
{
cfline("*.* /var/log/cisco857w.log", f, "*",
"+192.168.1.1")
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE:
/var/log/cisco857w.log
}
The file *has* been created also under /var/log/ dir however self
creation is possible using the -C flag within /etc/rc.conf file; and
give 'appropriate' permission 600:
{
# ls -l /var/log | grep cisco857
-rw------- 1 root wheel 0 Nov 18 16:32 cisco857w.log
}
So after all this looks {**perfect**} what can this mysterious problem be??
More information about the freebsd-questions
mailing list