On Wed, 13 Jul 2016 09:53:43 +0200
"O. Hartmann" <ohartman_at_zedat.fu-berlin.de> wrote:

> I have some serious trouble logging for remote hosts via syslog on a specific
> central server.
>
> Following manpages syslogd(8) and syslog.conf(5), the syslogd is allowed to
> listen on a specific address (-b option) and receiving syslog messages from
> remote client hosts on a specific network (-a option). Our configuration of
> syslogd looks like (rc.conf):
>
> syslogd_flags="-8 -n -v -4 -C -b 192.168.0.2:514 -a 192.168.0.1/24:*"
>
> and sockstat shows a proper listening port:
>
> [...]
> root syslogd 75823 6 udp4 192.168.0.2:514 *:*
>
> Now the strange or weird part (in my opinion).
>
> We have several firewalls, gateways, APs and printers which are configured to
> send syslog messages to a remote host, designated by the IP shown above. This
> works, I can see syslogd receiving messages from several systems
> via /var/log/messages (at the moment everything is also dumped into that file
> as well as onto console, on which the messages from the remote devices also
> appear as expected).
>
> In /etc/syslog.conf I try to use the following line, for instance for one
> device as pars pro toto, to log to a dedicated file:
>
> [...]
> +192.168.0.100
> *.*     /var/log/printer-01.log
> +192.168.0.101
> *.*     /var/log/printer-02.log
> !*
> (EOF)
>
> All log definitions for remote host logging are put to the end of file
> syslog.conf to avoid problems with the block boundaries. So the above shown
> config should separate each different host in a defined way as the manpage
> syslog.conf(5) states.
>
> Using IPs only seems not to work (and I can not understand, according to
> syslogd(8) and option -a ipaddr/msklen:port). I never get a delegation of
> log messages into the specified file.
>
> So, syslog.conf(5) states that I have to use "names". So I also
> set up /etc/hosts to have each remote host's IP assigned with a hostname (we
> have no domain/DNS in this specific network, IP only!). So I tried then
>
> [...]
> +printer-01
> *.*     /var/log/printer-01.log
> +printer02
> *.*     /var/log/printer-02.log
> !*
> (EOF)
>
> This doesn't work either!
>
> Something is very fishy with FreeBSD's syslogd and please let me know what I'm
> doing wrong here.
>
> I also read the section in the handbook about remote syslog and the
> requirement of a forward and reverse DNS resolution - which is NOT(!)
> mentioned in the manpages (and I follow the opinion that in doubt, the
> manpage is right!).
>
> Can someone shed a bit of light on that (no, I do not want to use a ports
> package/alternative syslog, I'd like to use FreeBSD's tools already aboard).
>
> Thank you very much in advance and apologies to those who feel bothered by a
> possible stupid question!
>
> regards,
>
> O. Hartmann

I found this message left five years ago, coinciding with my experience, that
when I used this logging method last time, that was FreeBSD 8.X and early 9.X,
it worked for IPs as shown:

https://lists.freebsd.org/pipermail/freebsd-questions/2011-November/235565.html

Received on Wed Jul 13 2016 - 06:09:23 UTC