Re: Syslog not logging remote host



At 08:48 PM 4/13/2007, you wrote:
"Janos Dohanics" <web@xxxxxxxxxxxxxx> wrote:
>
> I'm trying to capture logs from m0n0wall, but the log file is empty.
>
> Here is my configuration:
>
> On the logging machine, in /etc/rc.conf:
>
> syslogd_flags="-a 10.61.70.1"
>
> In /etc/syslog.conf:
>
> +10.61.70.1
> *.* /var/log/m0n0wall.log
>
> /var/log/m0n0wall.log exists and is writable:
>
> -rw-rw-r-- 1 root network 0 Apr 13 00:32 /var/log/m0n0wall.log
>
> The m0n0wall is configured to send logs to 10.61.70.100, which is the
> logging machine.
>
> What am I missing?

Start with tcpdump on the receiving machine:
tcpdump 'port 514'
to see if you're even receiving messages from the monowall machine.

If not, then double-check your config on the monowall machine. If so,
check the receiving machine.

Did you restart syslogd on both systems after making config changes?

My apologies to everyone trying to help me for wasting their time - 10.61.70.100 is happily logging what 10.61.70.1 is sending.

10.61.70.1 is being logged to /var/log/messages (finally occurred to me to check that).

What I'm wondering now is why 10.61.70.1 is not being logged in /var/log/m0n0wall.log. Here is my /etc/syslog.conf:

*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
*.=debug /var/log/debug.log
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.* /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log
+10.61.70.1
*.* /var/log/m0n0wall.log

--
Janos Dohanics


_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"


