minor syslog issue
William A. Mahaffey III
wam at hiwaay.net
Fri May 1 03:16:47 UTC 2015
On 04/30/15 22:08, John Howie wrote:
> Hi William,
>
> Why not just "/etc/rc.d/syslogd restart"?
>
> Regards,
>
> John
>
>
> On 4/30/15, 7:45 PM, "William A. Mahaffey III" <wam at hiwaay.net> wrote:
>
>> On 04/30/15 18:42, William A. Mahaffey III wrote:
>>> On 04/30/15 09:02, Matthew Seaman wrote:
>>>> On 04/30/15 14:28, William A. Mahaffey III wrote:
>>>>> 08:23:28.496828 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG
>>>>> syslog.error, length: 59
>>>>> 08:23:28.497229 IP RPiB+.59735 > kabini1.local.syslog: SYSLOG
>>>>> syslog.error, length: 59
>>>> This is the only relevant bit out of your tcpdump output -- it usually
>>>> helps if you filter out as much of the irrelevant stuff that you
>>>> can[*].
>>>>
>>>> Anyhow, as you can see, your RPiB+ is logging *from* an arbitrary
>>>> high-numbered port. This time it happens to be using 59735 but that
>>>> would probably change with each restart of syslogd. Basically use the
>>>> '-a 192.168.0.0/16:*' form in this case.
>>>>
>>>> Cheers,
>>>>
>>>> Matthew
>>>>
>>>> [*] ie. 'tcpdump port syslog' should work as the packets are being sent
>>>> to the syslog port on your server.
>>>>
>>> An update here, I kicked off the above command on both the RPi &
>>> kabini1. It took a while, but the RPi did its daily 'syslogd restart':
>>>
>>>
>>> Apr 27 22:00:01 rpi syslogd[603]: restart
>>> Apr 28 08:00:00 rpi syslogd[603]: restart
>>> Apr 28 22:00:00 rpi syslogd[603]: restart
>>> Apr 29 14:54:44 rpi syslogd[603]: Exiting on signal 15
>>> Apr 29 10:01:01 rpi syslogd[25366]: restart
>>> Apr 29 17:06:15 rpi syslogd[25366]: restart
>>> Apr 30 07:28:32 rpi syslogd[25366]: Exiting on signal 15
>>> Apr 30 07:28:34 rpi syslogd[27124]: restart
>>> Apr 30 08:20:34 rpi syslogd[27124]: Exiting on signal 15
>>> Apr 30 08:20:34 rpi syslogd[27124]: Exiting on signal 15
>>> Apr 30 08:20:37 rpi syslogd[2779]: restart
>>> Apr 30 08:23:43 rpi syslogd[2779]: Exiting on signal 15
>>> Apr 30 08:23:43 rpi syslogd[2779]: Exiting on signal 15
>>> Apr 30 08:23:45 rpi syslogd[14885]: restart
>>> Apr 30 08:41:03 rpi syslogd[14885]: Exiting on signal 15
>>> Apr 30 08:41:03 rpi syslogd[14885]: Exiting on signal 15
>>> Apr 30 08:41:05 rpi syslogd[27342]: restart
>>> Apr 30 09:25:16 rpi syslogd[27342]: Exiting on signal 15
>>> Apr 30 09:25:16 rpi syslogd[27342]: Exiting on signal 15
>>> Apr 30 09:25:18 rpi syslogd[11087]: restart
>>> Apr 30 09:26:03 rpi timed[6547]: This machine is master
>>> Apr 30 17:06:15 rpi syslogd[11087]: restart
>>> Thu Apr 30 18:32:45 MCDT 2015
>>> rpi #
>>>
>>>
>>> & I got packets both from the RPi & to kabini1, but nothing in
>>> kabini1's logfile:
>>>
>>> rpi # tcpdump port syslog
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>> decode
>>> listening on usmsc0, link-type EN10MB (Ethernet), capture size 65535
>>> bytes
>>> 17:06:00.980239 IP 192.168.0.1.59623 > 192.168.0.27.syslog: SYSLOG
>>> syslog.info, length: 47
>>>
>>> [root at kabini1, /etc, 9:26:24am] 503 % tcpdump port syslog
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>> decode
>>> listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
>>> 17:07:00.976242 IP RPiB+.59623 > kabini1.local.syslog: SYSLOG
>>> syslog.info, length: 47
>>>
>>> [root at kabini1, /etc, 6:31:31pm] 364 % tail -15 /var/log/messages ;
>>> hwclock -r ; date
>>> Apr 28 09:30:12 kabini1 kernel: Limiting closed port RST response from
>>> 276 to 200 packets/sec
>>> Apr 28 09:30:13 kabini1 kernel: Limiting closed port RST response from
>>> 239 to 200 packets/sec
>>> Apr 28 09:30:14 kabini1 kernel: Limiting closed port RST response from
>>> 280 to 200 packets/sec
>>> Apr 28 09:30:16 kabini1 kernel: Limiting closed port RST response from
>>> 319 to 200 packets/sec
>>> Apr 30 08:13:49 kabini1 syslogd: exiting on signal 15
>>> Apr 30 08:13:49 kabini1 syslogd: kernel boot file is /boot/kernel/kernel
>>> Apr 30 08:16:36 kabini1 kernel: re0: promiscuous mode enabled
>>> Apr 30 08:17:53 kabini1 kernel: re0: promiscuous mode disabled
>>> Apr 30 08:33:43 kabini1 kernel: re0: promiscuous mode enabled
>>> Apr 30 08:41:19 kabini1 kernel: re0: promiscuous mode disabled
>>> Apr 30 08:52:53 kabini1 kernel: re0: promiscuous mode enabled
>>> Apr 30 09:07:57 kabini1 kernel: re0: promiscuous mode disabled
>>> Apr 30 09:18:45 kabini1 syslogd: exiting on signal 15
>>> Apr 30 09:18:45 kabini1 syslogd: kernel boot file is /boot/kernel/kernel
>>> Apr 30 09:20:47 kabini1 kernel: re0: promiscuous mode enabled
>>> hwclock: Command not found.
>>> Thu Apr 30 18:39:25 MCDT 2015
>>> [root at kabini1, /etc, 6:39:25pm] 365 %
>>>
>>> syslogd on kabini1 should be accepting traffic from all ports:
>>>
>>> [root at kabini1, /etc, 6:40:19pm] 366 % ps -ax | grep syslog
>>> 783 ?? Is 0:39.07 /usr/sbin/amd -p -a /.amd_mnt -l syslog
>>> /host /etc/amd.map /net /etc/amd.map
>>> 73506 ?? Is 0:00.10 /usr/sbin/syslogd -a 192.168.0.0/16:* -C -T
>>> 8622 4 S+ 0:00.00 grep syslog
>>> 73648 7 S+ 0:00.93 tcpdump port
>>>
>>> i.e. looks like the traffic is there, but syslogd isn't recording it
>>> (?) .... Any clues appreciated.
>>>
>> *Aaaaaaaaaaaaack* !!!! Looks like ipfw was catching it, I had changed my
>> rules to allow *some* udp traffic a few days ago, but didn't open it up
>> enough. Just changed that & we'll see either later today or tomorrow at
>> the next 'syslogd restart' .... Sorry for the noise :-/ ....
>>
>> --
>>
>> William A. Mahaffey III
>>
>> ----------------------------------------------------------------------
>>
>> "The M1 Garand is without doubt the finest implement of war
>> ever devised by man."
>> -- Gen. George S. Patton Jr.
>>
>
I did that some, wasn't sure if my manual restart might be operating
differently than its internal restart (you can see several random
restarts logged, those were me) .... No problema, I can be patient ....
--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.
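
Added example, not part of the original thread: a Python sketch of the `-a ipaddr/masklen[:service]` matching that syslogd(8) documents, applied to the source address and port from the tcpdump output quoted above. It shows why `-a 192.168.0.0/16:*` admits the sender's ephemeral port 59623 while the same spec without `:*` would not. The function names are hypothetical, only IPv4 with an explicit mask length is handled, and the second sample line is constructed.

```python
import ipaddress
import re

SYSLOG_PORT = 514  # UDP port of the 'syslog' service

def parse_allowed_peer(spec):
    """Parse 'ipaddr/masklen[:service]' into (network, port).

    port is None for '*' (any source port). With no service given,
    the source port must be the syslog port. IPv4 only (assumption).
    """
    net, _, service = spec.partition(":")
    if service in ("", "syslog"):
        port = SYSLOG_PORT
    elif service == "*":
        port = None
    else:
        port = int(service)  # numeric services only in this sketch
    return ipaddress.ip_network(net, strict=False), port

def peer_allowed(spec, src_ip, src_port):
    """True if a datagram from src_ip:src_port matches the -a spec."""
    network, port = parse_allowed_peer(spec)
    return ipaddress.ip_address(src_ip) in network and port in (None, src_port)

# Matches the numeric "IP a.b.c.d.port > " part of a tcpdump line.
FLOW = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > ")

def check_capture(spec, lines):
    """Return (src_ip, src_port, allowed) for every flow found in lines."""
    results = []
    for line in lines:
        m = FLOW.search(line)
        if m:
            ip, port = m.group(1), int(m.group(2))
            results.append((ip, port, peer_allowed(spec, ip, port)))
    return results

SAMPLE = [
    # From the thread (the two wrapped lines joined):
    "17:06:00.980239 IP 192.168.0.1.59623 > 192.168.0.27.syslog: SYSLOG syslog.info, length: 47",
    # Constructed: same sender, but sending from the syslog port itself.
    "17:06:01.000000 IP 192.168.0.1.514 > 192.168.0.27.syslog: SYSLOG syslog.info, length: 47",
]

if __name__ == "__main__":
    for spec in ("192.168.0.0/16:*", "192.168.0.0/16"):
        print(spec, check_capture(spec, SAMPLE))
```

A datagram that passes this check but never appears in the log was dropped somewhere other than syslogd's peer list; in this thread the cause was ipfw.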