remote logging with syslogd

Guido Demmenie rottweilertje at rottnic.nl
Thu Mar 22 21:44:41 UTC 2007


On Mar 22, 2007, at 3:45 PM, David Robillard wrote:

>> Hello,
>>
>> I'm trying to put up a remote logging server. I want to let my
>> Airport Express send its logs to my FreeBSD server.
>>
>> So I said to my Airport to send its logs to the internal ip of my
>> server, I suppose it works because that's what Apple hardware does.
>> Now I did the following things on my bsdbox:
>>
>>
>> I appended to syslog.conf:
>>
>> # Log remote Airport Express
>> +airport
>> *.*             /var/log/airport.log
>> !*
>>
>> I touched /var/log/airport.log and it has rw-r----- root:wheel rights
>>
>> And to rc.conf I added:
>>
>> syslogd_enable="YES"
>> syslogd_flags="-b myhostname.intranet -a *.intranet"
>>
>> I restarted syslogd via:
>> # /etc/rc.d/syslogd restart
>>
>> I suppose it should work, but nothing appears in /var/log/airport and
>> there should be something that it listens for input or not?
>>
>> Also I checked netstat -a | grep syslog
>> udp4       0      0  myhostname.intranet..syslo *.*
>>
>> So it looks like it is not listening.
>>
>> Anyone any ideas what I'm doing wrong?
>
> The Apple AirPort products, both Extreme and Express, do not use the
> standard syslog UDP port 514. They send it at a higher port. Just like
> most Cisco devices do.
>
> So to enable logging on a FreeBSD host, you must change your
> rc.conf(5) syslog_flags line to enable other non-standard syslog
> ports. Try something like this:
>
> syslogd_flags="-b myhostname.intranet -a *.intranet:*"
>
> Since you're using names instead of IP addresses in your
> configuration, make sure your DNS resolves both A and PTR records for
> the AirPort.

Thanks for the tip. Found out that it was not the airport UDP port. It is
some misconfiguration in my DNS, but still don't get why it doesn't work
as expected. For some reason my DNS-name is snipped just before the TLD.

Oh, btw, I changed some configs

I prepended to /etc/syslog.conf the next and deleted what I wrote above
# Log remote Airport Express
+airport.intranet.mydomain.org
*.*             /var/log/airport.log
+*
!*

And in rc.conf I changed the above to:
syslogd_enable="YES"
syslogd_flags="-b myhostname.intranet.mydomain.org -a airport.intranet.mydomain.org"

So what comes in on syslogd looks like "airport.intranet.mydomain" so no
.org or something. I really don't get where that comes from. But now
syslogd rejects because of "name mismatch".

I suppose something is wrong with either my DNS or my DHCP (appending
the domainname??), but at dhcpd I have the option "domain-name" set to
"intranet.mydomain.org". So still don't get what's going wrong.

My DNS gives the right IP and reverse gives the right name.
dig airport.intranet.mydomain.org --> 10.0.10.30
dig -x 10.0.10.30 --> airport.intranet.mydomain.org

So anyone any ideas?

TIA

--Guido
www.rottnic.nl
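
An added illustration (not part of the original thread, and not syslogd's own code): a simplified Python model of how the `-a allowed_peer` forms documented in syslogd(8) decide whether a datagram is accepted, covering both the source-port restriction and the reverse-name mismatch discussed above. The IPv4-only parsing, numeric-only services, `fnmatch` wildcard matching and the sample source port are assumptions.

```python
import fnmatch
import ipaddress

SYSLOG_PORT = 514  # UDP port of the "syslog" service, the default for -a


def parse_peer(spec):
    """Split an -a argument into (host part, required source port or None)."""
    host, sep, service = spec.rpartition(":")
    if not sep:                       # no ":service" suffix given
        host, service = spec, "syslog"
    if service == "*":
        return host, None             # any source port is accepted
    if service == "syslog":
        return host, SYSLOG_PORT
    return host, int(service)         # assumption: numeric services only


def peer_allows(spec, src_ip, src_port, ptr_name):
    """Return (accepted, reason) for one datagram checked against one -a spec."""
    host, port = parse_peer(spec)
    if port is not None and src_port != port:
        return False, "source port %d is not %d" % (src_port, port)
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        net = None                    # not an address, so it is a name pattern
    if net is not None:
        ok = ipaddress.ip_address(src_ip) in net
        return ok, "address match" if ok else "address outside " + host
    if ptr_name is None:
        return False, "no reverse name for " + src_ip
    if fnmatch.fnmatchcase(ptr_name.lower(), host.lower()):
        return True, "name match"
    return False, "name mismatch: %r vs %r" % (ptr_name, host)


if __name__ == "__main__":
    # Constructed cases: names are from the thread, port 49152 is made up.
    for spec, port, name in [
        ("*.intranet", 49152, "airport.intranet"),
        ("*.intranet:*", 49152, "airport.intranet"),
        ("airport.intranet.mydomain.org", 514, "airport.intranet.mydomain"),
        ("10.0.10.0/24:*", 49152, None),
    ]:
        print(spec, "->", peer_allows(spec, "10.0.10.30", port, name))
```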