mess with syslogd
Matthew Seaman
matthew at freebsd.org
Wed Apr 1 10:05:11 UTC 2015
On 04/01/15 10:36, Wojciech Puchar wrote:
> no idea how to debug a problem with syslogd. please help
>
> i use syslogd to log messages from multiple other unix machines, now i
> wanted to add logging from windows server (with evtsys program).
>
> if i run syslogd with
>
> syslogd_enable="YES" # Run syslog daemon (or NO).
> syslogd_flags="-v -4 -8 -b 10.100.100.1"
>
>
> it logs messages fine from windows server as well as others.
>
>
> if i run it as
>
> syslogd_flags="-v -4 -8 -b 10.100.100.1 -a 10.100.0.0/16"
>
> it logs messages fine from everything except windows servers, WHICH ARE
> IN 10.100.0.0/16 network.
>
> Now i just use firewall rules to block logging from unwanted places, but
> no idea why just using -a blocks logs from windows/evtsys
>
> any idea?
>
You're implicitly telling syslogd what port numbers to accept on the
sending side. The default is only to allow sending from port 514.
Instead, try:

    syslogd_flags="-v -4 -8 -b 10.100.100.1 -a 10.100.0.0/16:*"

In theory you should be able to limit to only accepting packets sent
from port 514 but I've found various different devices may use different
ports. Looking at:

    # tcpdump -i em0 -A host 10.100.100.1 and port 514

should show what your systems are actually using.

Cheers,
Matthew
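
The following is an added example, not part of the original message and not syslogd's own code: a simplified IPv4-only model of how an `-a ipaddr/masklen[:service]` rule is evaluated, showing why the rule without `:*` drops a sender whose source port is not 514. The sender names, addresses and the ephemeral port 49731 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

SYSLOG_PORT = 514  # the "syslog" UDP service, used when no :service is given


def parse_allowed_peer(spec):
    """Split 'ipaddr/masklen[:service]' into (network, port).

    A port of None stands for the '*' service (any source port).
    IPv4 only, matching the -4 flag used in the thread.
    """
    addr, sep, service = spec.partition(":")
    network = ipaddress.ip_network(addr, strict=False)
    if not sep or service == "syslog":
        return network, SYSLOG_PORT
    if service == "*":
        return network, None
    return network, int(service)


def accepted(spec, src_ip, src_port):
    """True if a datagram from src_ip:src_port passes this -a rule."""
    network, port = parse_allowed_peer(spec)
    if ipaddress.ip_address(src_ip) not in network:
        return False
    # Both the source address and the source port must match.
    return port is None or port == src_port


# Constructed sample senders: (description, source IP, source UDP port).
SAMPLES = [
    ("unix syslogd", "10.100.0.5", 514),        # sends from port 514
    ("windows evtsys", "10.100.3.7", 49731),    # assumed ephemeral source port
    ("outside network", "192.168.1.9", 514),    # not in 10.100.0.0/16
]


def evaluate(spec):
    """Apply one -a rule to every sample sender."""
    return {name: accepted(spec, ip, port) for name, ip, port in SAMPLES}


if __name__ == "__main__":
    for spec in ("10.100.0.0/16", "10.100.0.0/16:*"):
        print(spec, evaluate(spec))
```

Once tcpdump shows which source ports the senders really use, a rule naming that port instead of `*` can be checked the same way.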