[Bug 234968] syslogd remote logging doens't work (regression ?)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Jan 15 10:45:59 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234968
Bug ID: 234968
Summary: syslogd remote logging doens't work (regression ?)
Product: Base System
Version: 12.0-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: julien at perdition.city
Created attachment 201159
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=201159&action=edit
logging jail syslogd
Hello,
I have a JAIL (logging, 10.209.1.31) which is used as a centralized log host.
The JAIL and the HOST are running FreeBSD 12.0-RELEASE.
The JAIL has an unmodified syslog.conf with one extra file in
/usr/local/etc/syslog.d:
root at logging:~ # ls -l /usr/local/etc/syslog.d
total 5
-rw-r--r-- 1 root wheel 312 Jan 15 10:45 saltstack.conf
root at logging:~ # cat /usr/local/etc/syslog.d/saltstack.conf
+router1.lan,router2.lan,router.lan
local6.=info /var/log/haproxy/http-access.log
local6.=err /var/log/haproxy/http-error.log
local5.* /var/log/haproxy/smtp.log
+dev.lan,antabif.lan,gitlab.lan,sandbox.lan,www1.prod.lan,www2.prod.lan
local6.=info /var/log/httpd/access.log
local6.=err /var/log/httpd/error.log
DNS and reverse DNS are working properly. If I'm tcpdumping on the HOST
everything look OK, packets are properly sent from remote hosts:
root at HOST:~/ sudo tcpdump -n -i bge0 -p udp port 514 and host logging.lan
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bge0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:31:37.273760 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 207
11:31:37.501015 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 208
11:31:38.074736 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local5.info,
length: 151
11:31:38.501954 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 208
11:31:38.504479 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 205
11:31:38.586405 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 207
11:31:38.943227 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local5.info,
length: 151
11:31:39.378678 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 177
11:31:39.500904 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 208
11:31:39.680232 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 177
11:31:39.694193 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 219
11:31:39.906661 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local5.info,
length: 151
11:31:40.134680 IP 192.168.10.34.514 > 10.209.1.31.514: SYSLOG local6.error,
length: 246
11:31:40.276486 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 207
11:31:40.494038 IP 192.168.10.34.514 > 10.209.1.31.514: SYSLOG local6.error,
length: 246
11:31:40.501695 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 208
11:31:40.612300 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 241
11:31:40.745679 IP 10.209.1.252.43055 > 10.209.1.31.514: SYSLOG local6.info,
length: 236
(...)
I've launched syslogd in debug mode in the JAIL and as you can see syslog
messages arrive properly to the syslogd (see attachment). For some unknown
reasons nothing gets logged to /var/log/haproxy/*.log
DNS and reverse DNS are working properly:
root at logging:~ # host 10.209.1.252
252.1.209.10.in-addr.arpa domain name pointer router1.lan.
root at logging:~ # host router1.lan
router1.lan has address 10.209.1.252
syslogd on the HOST is binded to the HOST ip, files exist in /var/log/haproxy
in the JAIL, etc:
root at logging:~ # ls -l /var/log/haproxy/
total 2
-rw------- 1 root wheel 0 Jan 15 10:48 http-access.log
-rw------- 1 root wheel 0 Jan 15 10:48 http-error.log
-rw------- 1 root wheel 0 Jan 15 10:48 smtp.log
Note that the same config worked in 10.4-RELEASE as expected and I'm out of
ideas why it doesn't work on 12.0-RELEASE
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list