remote logging with syslogd
david.robillard at gmail.com
Thu Mar 22 14:45:04 UTC 2007
> I'm trying to put up a remote logging server. I want to let my
> Airport Express send its logs to my FreeBSD server.
> So I said to my Airport to send its logs to the internal ip of my
> server, I suppose it works because that's what Apple hardware does.
> Now I did the following things on my bsdbox:
> I appended to syslog.conf:
> # Log remote Airport Express
> *.* /var/log/airport.log
> I touched /var/log/airport.log and it has rw-r----- root:wheel rights
> And to rc.conf I added:
> syslogd_flags="-b myhostname.intranet -a *.intranet"
> I restarted syslogd via:
> # /etc/rc.d/syslogd restart
> I suppose it should work, but nothing appears in /var/log/airport and
> there should be something that it listens for input or not?
> Also I checked netstat -a | grep syslog
> udp4 0 0 myhostname.intranet..syslo *.*
> So it looks like it is not listening.
> Anyone any ideas what I'm doing wrong?
The Apple AirPort products, both Extreme and Express, do not use the
standard syslog UDP port 514. They send it at a higher port. Just like
most Cisco devices do.
So to enable logging on a FreeBSD host, you must change your
rc.conf(5) syslog_flags line to enable other non-standard syslog
ports. Try something like this:
syslogd_flags="-b myhostname.intranet -a *.intranet:*"
Since you're using names instead of IP addresses in your
configuration, make sure your DNS resolves both A and PTR records for
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
More information about the freebsd-questions