Hello out there. I'm using some dual stack installations and I'd like to configure FreeBSD's (CURRENT at the moment) syslogd on a syslog-server to handle incoming logging messages from remote FBSD boxes (mixed, 11.2, 12.0 and CURRENT). I' facing a very weird situation. Scenario: The server has IPv6 fdff:dead:beef::faaf and IP 192.168.168.200. The test client has IPv6 fdff:dead:beef::aaaa and IP 192.168.168.2. On the syslog server: The syslog server's syslogd is configured as (etc/rc.conf): syslogd -C -v -v -b [fdff:dead:beef::faaf]:514 -b 192.168.168.200:514 \ -a [fdff:dead:beef::]/48:* -a 92.168.168.0/24:* It's /etc/syslog.conf file contains the following line to make syslogd receiving syslog messages from the specified client and log those messages in a separate file (/usr/local/etc/syslog.d/host_X.conf): +[fdff:dead:beef::aaaa],192.168.168.2 *.* /var/log/hosts/host_a.log On the client (IPv6 fdff:dead:beef::aaaa and IP 192.168.168.2), syslogd (/etc/rc.conf) is configured via syslogd -C -v -v -s and it is configured to log additinaly all messages to the server via /usr/local/etc/syslog.d/logging.conf: *.* _at_[fdff:dead:beef::faaf] !* I trigger then a log incident on the client via "logger < /dev/random". This scenario doens't work - putting syslogd on the server into debug mode, via adding option -d, the log message from the client is received, but rejected: [...] # of validation rule: 2 validate: dgram from IP ffdff:dead:beef::aaaa, port 514, name \ fdff:dead:beef::aaaa; rejected in rule 1 due to IP mismatch. rejected in rule 2 due to address family mismatch. Message from fdff:dead:beef::aaaa was ignored.received sa_len = 28 cvthname(28) len = 28 cvthname(fdff:dead:beef::aaaa) # of validation rule: 2 While the manpage syslog.onf(5) is specific how to use IPv6 addresses in the "action" field, preceeded by "_at_", I've no doubt of the ciorrectnes of the client's syntax, *.* _at_[fdff:dead:beef::faaf]. But it seems ambiguous when it comes to the part of the hostname on the server's side, when prepending the "hostname/program" portion with a "+" when it comes to IPv6. If switching the config on the client to: *.* _at_192.168.168.200 !* does let syslogd on the server log the message as expected: [...] # of validation rule: 2 validate: dgram from IP 192.168.168.2, port 514, name 192.168.168.2; rejected in rule 1 due to address family mismatch. accepted in rule 2. logmsg: pri 15, flags 0, from 192.168.168.2, msg ��q^Bǩ�^CM-^L �*^_B�^LM-^A?^L�i[^R�5QM-^MRLvM-^FA}bM-^Y�F��^N�C�M-^\��b�^?�NM-^G-�ޠ��M-^[ƾ44��^V�zݣ}a�B�'M-^^^G�P��g^H�cM-^_at_J7xg\A��.��M-^UC7o^V���^Ax�^G�\ <^A.#�ns�KwV^N�^ZZ��Ϻ�M-^X�zM-^N^U�M-^Ys2smW^G^S^U�M-^G�<'~�7�^HFz�>DM-^T�V~8^^vW1��^K[�^\i^P�"M-^G�Q�(�m%{M-^_at_M- ^H�M-^Q�^Q�nW�Y(CT_at__/�`�cM-^Nv Logging to FILE /var/log/hosts/host_a.log received sa_len = 16 cvthname(2) len = 16 cvthname(192.168.168.2) # of validation rule: 2 I also tried on the server's config to avoid the brackets ("[]"), +fdff:dead:beef::aaaa,192.168.168.2 *.* /var/log/hosts/host_a.log but that seems illogical and it results in the same IP mismatch as reported further above. If it isn't a bug, please point me to the mistake. Thanks in advance, ohReceived on Thu Jan 31 2019 - 06:24:55 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:20 UTC