Syslog not logging remote host

web at 3dresearch.com
Sun Apr 15 19:23:21 UTC 2007


At 08:48 PM 4/13/2007, you wrote:
>"Janos Dohanics" <web at 3dresearch.com> wrote:
> >
> > I'm trying to capture logs from m0n0wall, but the log file is empty.
> >
> > Here is my configuration:
> >
> > On the logging machine, in /etc/rc.conf:
> >
> > syslogd_flags="-a 10.61.70.1"
> >
> > In /etc/syslog.conf:
> >
> > +10.61.70.1
> > *.*                                             /var/log/m0n0wall.log
> >
> > /var/log/m0n0wall.log exists and is writable:
> >
> > -rw-rw-r--  1 root  network  0 Apr 13 00:32 /var/log/m0n0wall.log
> >
> > The m0n0wall is configured to send logs to 10.61.70.100, which is the
> > logging machine.
> >
> > What am I missing?
>
>Start with tcpdump on the receiving machine:
>tcpdump 'port 514'
>to see if you're even receiving messages from the monowall machine.
>
>If not, then double-check your config on the monowall machine.  If so,
>check the receiving machine.
>
>Did you restart syslogd on both systems after making config changes?

My apologies to everyone trying to help me for wasting their time - 
10.61.70.100 is happily logging what 10.61.70.1 is sending.

10.61.70.1 is being logged to /var/log/messages (finally occurred to me to 
check that).

What I'm wondering now is why 10.61.70.1 is not being logged in 
/var/log/m0n0wall.log. Here is my /etc/syslog.conf:

*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.*                                            /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!startslip
*.*                                             /var/log/slip.log
!ppp
*.*                                             /var/log/ppp.log
+10.61.70.1
*.*                                             /var/log/m0n0wall.log

--
Janos Dohanics
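
Added example, not part of the original message: a Python script that lists the program and host filter in force for each rule in the tail of the syslog.conf posted above. It assumes the syslog.conf(5) block semantics in which a "!program" line and a "+host" line set two independent filters that each persist until changed or reset with "*"; under that assumption the final block still carries "!ppp". The function names and the SAMPLE text are constructed for illustration.

```python
"""Added example: effective program/host scope per rule in a BSD syslog.conf."""

# Constructed sample: the tail of the syslog.conf from the message above.
SAMPLE = """\
cron.*                                          /var/log/cron
!startslip
*.*                                             /var/log/slip.log
!ppp
*.*                                             /var/log/ppp.log
+10.61.70.1
*.*                                             /var/log/m0n0wall.log
"""


def effective_rules(text):
    """Return (program, host, selector, action) for every rule line.

    Assumption (syslog.conf(5) block semantics): '!prog' and '+host'/'-host'
    lines set two independent filters, each in force until changed or
    reset with '*'.
    """
    prog, host = "*", "*"
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#!", "#+", "#-")):  # compatibility spellings
            line = line[1:]
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):                 # program specification
            prog = line[1:].strip() or "*"
            continue
        if line[0] in "+-":                      # hostname specification
            host = "*" if line[1:].strip() == "*" else line
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:                      # skip wrapped/incomplete lines
            rules.append((prog, host, parts[0], parts[1].strip()))
    return rules


def inherited_program_filters(text):
    """Rules that name a host but are still limited by an earlier '!prog'."""
    return [r for r in effective_rules(text) if r[0] != "*" and r[1] != "*"]


if __name__ == "__main__":
    for prog, host, sel, act in effective_rules(SAMPLE):
        print(f"prog={prog:<10} host={host:<12} {sel:<6} -> {act}")
    for r in inherited_program_filters(SAMPLE):
        print("WARNING: host block still limited to program", r[0], "->", r[3])
```

Placing a "!*" line before "+10.61.70.1" clears the program filter, after which the script flags nothing for this file.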