remote logging with syslogd

Guido Demmenie rottweilertje at rottnic.nl
Thu Mar 22 22:19:51 UTC 2007


On Mar 22, 2007, at 10:44 PM, Guido Demmenie wrote:

>
> On Mar 22, 2007, at 3:45 PM, David Robillard wrote:
>
>>> Hello,
>>>
>>> I'm trying to put up a remote logging server. I want to let my
>>> Airport Express send its logs to my FreeBSD server.
>>>
>>> So I said to my Airport to send its logs to the internal ip of my
>>> server, I suppose it works because that's what Apple hardware does.
>>> Now I did the following things on my bsdbox:
>>>
>>>
>>> I appended to syslog.conf:
>>>
>>> # Log remote Airport Express
>>> +airport
>>> *.*             /var/log/airport.log
>>> !*
>>>
>>> I touched /var/log/airport.log and it has rw-r----- root:wheel rights
>>>
>>> And to rc.conf I added:
>>>
>>> syslogd_enable="YES"
>>> syslogd_flags="-b myhostname.intranet -a *.intranet"
>>>
>>> I restarted syslogd via:
>>> # /etc/rc.d/syslogd restart
>>>
>>> I suppose it should work, but nothing appears in /var/log/airport and
>>> there should be something that it listens for input or not?
>>>
>>> Also I checked netstat -a | grep syslog
>>> udp4       0      0  myhostname.intranet..syslo *.*
>>>
>>> So it looks like it is not listening.
>>>
>>> Anyone any ideas what I'm doing wrong?
>>
>> The Apple AirPort products, both Extreme and Express, do not use the
>> standard syslog UDP port 514. They send it at a higher port. Just like
>> most Cisco devices do.
>>
>> So to enable logging on a FreeBSD host, you must change your
>> rc.conf(5) syslog_flags line to enable other non-standard syslog
>> ports. Try something like this:
>>
>> syslogd_flags="-b myhostname.intranet -a *.intranet:*"
>>
>> Since you're using names instead of IP addresses in your
>> configuration, make sure your DNS resolves both A and PTR records for
>> the AirPort.
>
> Thnx for the tip. Found out that it was not the airport UDP port. It is
> some misconfiguration in my DNS, but still don't get why it doesn't work
> as expected. For some reason my DNS-name is snipped just before the TLD.
>
> Oh btw I changed some configs
>
> I prepended to /etc/syslog.conf the next and deleted what I wrote above
> # Log remote Airport Express
> +airport.intranet.mydomain.org
> *.*             /var/log/airport.log
> +*
> !*
>
> And in rc.conf I changed the above to:
> syslogd_enable="YES"
> syslogd_flags="-b myhostname.intranet.mydomain.org -a airport.intranet.mydomain.org"
>
> So what comes in on syslogd looks like "airport.intranet.mydomain" so no
> .org or something. I really don't get where that comes from. But now
> syslogd rejects because of "name mismatch".
>
> I suppose something is wrong with either my DNS or my DHCP (appending
> the domainname??), but at dhcpd I have the option "domain-name" set to
> "intranet.mydomain.org". So still don't get what's going wrong.
>
> My DNS gives the right IP and reverse gives the right name.
> dig airport.intranet.mydomain.org --> 10.0.10.30
> dig -x 10.0.10.30 --> airport.intranet.mydomain.org

Found out some more ... it has to do with the line in rc.conf
when I change that to:

syslogd_flags="-b myhostname.intranet.mydomain.org -a airport.intranet.mydomain"

then it works, but still I don't understand why, for if I dig this name I get nothing.

greets
--
Guido
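
Added example, not part of the original messages and not syslogd's own code: a simplified Python model of how the `-a` peer forms documented in syslogd(8) (`ipaddr/masklen`, `domainname`, `*domainname`, each with an optional `:service`) are matched, run against the names and address quoted in this thread. The function names and the source port 49152 are assumptions; only IPv4 with an explicit `/masklen` is modelled.

```python
import ipaddress

SYSLOG_PORT = 514  # UDP port of the default "syslog" service


def parse_peer(spec):
    """Split an -a argument into (pattern, service); service defaults to 'syslog'."""
    pattern, sep, service = spec.rpartition(":")
    return (pattern, service) if sep else (spec, "syslog")


def port_ok(service, src_port):
    """A service of '*' accepts any source port; otherwise the port must match."""
    if service == "*":
        return True
    if service == "syslog":
        return src_port == SYSLOG_PORT
    return service.isdigit() and int(service) == src_port


def peer_allowed(spec, src_ip, src_port, reverse_name):
    """Return (accepted, reason) for one datagram checked against one -a spec.

    reverse_name is the name the daemon ends up with for the sender
    (None if the reverse lookup failed). Hypothetical helper for illustration.
    """
    pattern, service = parse_peer(spec)
    if not port_ok(service, src_port):
        return False, "port mismatch"
    if "/" in pattern:  # ipaddr/masklen form: no DNS lookup involved
        ok = ipaddress.ip_address(src_ip) in ipaddress.ip_network(pattern, strict=False)
        return ok, "ok" if ok else "address mismatch"
    if reverse_name is None:
        return False, "name lookup failed"
    if pattern.startswith("*"):  # *domainname: suffix match
        ok = reverse_name.endswith(pattern[1:])
    else:  # domainname: the whole name must be identical
        ok = reverse_name == pattern
    return ok, "ok" if ok else "name mismatch"


if __name__ == "__main__":
    seen = "airport.intranet.mydomain"  # name the poster reports syslogd seeing
    for spec in ("airport.intranet.mydomain.org",  # rejected in the thread
                 "airport.intranet.mydomain",      # accepted in the thread
                 "10.0.10.30/32:*"):               # address form, any source port
        print(spec, peer_allowed(spec, "10.0.10.30", 49152, seen))
```

The address form does not depend on what the reverse lookup returns, which makes it the easier rule to reason about when the name the daemon sees differs from what `dig -x` shows.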


More information about the freebsd-questions mailing list