Syslog not logging remote host

web at 3dresearch.com web at 3dresearch.com
Sat Apr 14 05:44:18 UTC 2007


At 08:48 PM 4/13/2007, you wrote:
>"Janos Dohanics" <web at 3dresearch.com> wrote:
> >
> > I'm trying to capture logs from m0n0wall, but the log file is empty.
> >
> > Here is my configuration:
> >
> > On the logging machine, in /etc/rc.conf:
> >
> > syslogd_flags="-a 10.61.70.1"
> >
> > In /etc/syslog.conf:
> >
> > +10.61.70.1
> > *.*                                             /var/log/m0n0wall.log
> >
> > /var/log/m0n0wall.log exists and is writable:
> >
> > -rw-rw-r--  1 root  network  0 Apr 13 00:32 /var/log/m0n0wall.log
> >
> > The m0n0wall is configured to send logs to 10.61.70.100, which is the
> > logging machine.
> >
> > What am I missing?
>
>Start with tcpdump on the receiving machine:
>tcpdump 'port 514'
>to see if you're even receiving messages from the monowall machine.
>
>If not, then double-check your config on the monowall machine.  If so,
>check the receiving machine.

Bill,

looks like 10.61.70.100 is receiving packets:

00:58:07.203800 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 126
00:58:33.295297 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 44
00:58:33.340779 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 49
00:59:21.436782 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 55
00:59:21.438125 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 71
00:59:21.439305 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 99
00:59:21.440458 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 92

>Did you restart syslogd on both systems after making config changes?

I have...

Janos

--
Janos Dohanics



