Syslog remote logging problems

Joshua Tinnin krinklyfig at spymac.com
Sat Dec 18 09:24:25 PST 2004


On Sunday 12 December 2004 09:29 am, "Chris Roos" <chris at seagul.co.uk> 
wrote:
> Hi,
>
> I have spent quite some time today trying to get my Netgear DG834
> ADSL Router to log its syslog messages to syslogd running on FreeBSD
> 5.3R.
>
> The first step was to check that the syslog messages were arriving at
> the FreeBSD box by using tcpdump with a filter for udp packets.  This
> confirmed that the packets were being 'seen' by the FreeBSD box.
>
> The next step was to set up a rule in syslog.conf to log all data
> from the router to /var/log/router.log.  This is where the first
> problems appeared. Initially, I added the following to the end of
> syslog.conf
>
> +router
> *.*		/var/log/router.log
>
> As this entry was below the program entries for ppp and startslip,
> and having read the man pages, I gather that syslog was now set up to
> log from router only entries matching the above programs (due to the
> cascading nature of the syslog.conf rules).  I moved the router
> definition to above the program entries and verified that the log
> file was being populated.  I read in the man pages that to cancel a
> program or hostname rule within the syslog.conf file use '*', however
> I have not been able to get this to work correctly.  I have tried the
> following at the end of the file (before moving the router definition
> to above the ppp and startslip program entries to enable it to work
> correctly) with no success.
>
> *
> +router
> *.*		/var/log/router.log
>
> and
>
> *+router
> *.*		/var/log/router.log
>
> I would like to know the correct format of this so that I can be sure
> that I am logging everything I should be.
>
> In addition to the above, I am having problems starting the syslogd
> daemon using the -a flag.  If I try to start syslogd with any of the
> following options, I do not get the remote logs from router (IP
> address 192.168.3.20)
>
> -a 192.168.3.20
> -a 192.168.3.20/16
> -a 192.168.3.20/255.255.255.0
> -a 192.168.3.20:'*'
> -a 192.168.3.20/16:'*'
> -a 192.168.3.20/255.255.255.0:'*'
>
> I am currently running syslogd with no parameters which allows me to
> log from the remote host correctly but I would much prefer if I could
> allow only the remote host that I want to log from.
>
> Any help on either of these points would be greatly appreciated.

I see nobody has answered you - this is not actually a tech help list. 
See: http://lists.freebsd.org/mailman/listinfo/freebsd-questions

Anyway, I log a router with my box, but I do it differently.

In /etc/rc.conf, you should have:

syslogd_flags="-a 192.168.3.20"

All logged info from the router can be sent to whatever file with this 
in /etc/syslog.conf, as you tried earlier:

> +router
> *.*		/var/log/router.log

This *should* work, but fwiw, I haven't been able to get it to work. But 
with the default settings in syslog.conf, router messages are logged 
in /var/log/messages, which is fine for my purposes right now. I'm sure 
there's a better way, but at least that will work.

- jt
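
The block scoping discussed in this thread can be checked with a small model; this is an added example, not code from either poster or from FreeBSD. It assumes, per syslog.conf(5), that a program specification is reset with `!*` (and a hostname specification with `+*`), and that syslogd sees the sender's hostname as `router`; the config fragments are constructed from the ones quoted above.

```python
# Added example: simplified model of FreeBSD syslog.conf(5) block scoping.
# Only "!program" / "+hostname" lines are modelled; selectors such as *.* are
# not evaluated, so every rule is treated as matching all facilities.

def parse_rules(conf_text):
    """Return (program, host, action) per rule; '*' means 'any'."""
    program, host = "*", "*"
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith(("!", "#!")):      # program specification
            program = line.lstrip("#!").strip() or "*"
        elif line.startswith(("+", "#+")):    # hostname specification
            host = line.lstrip("#+").strip() or "*"
        elif line and not line.startswith("#"):
            fields = line.split()
            if len(fields) >= 2:              # a bare "*" has no action: skipped
                rules.append((program, host, fields[-1]))
    return rules

def destinations(rules, host, program):
    """Actions whose enclosing block matches this sender host and program."""
    return [action for prog, h, action in rules
            if prog in ("*", program) and h.lower() in ("*", host.lower())]

# Constructed tail of a syslog.conf, in the order the post describes.
PROGRAM_BLOCKS = "!startslip\n*.*\t/var/log/slip.log\n!ppp\n*.*\t/var/log/ppp.log\n"
ROUTER_RULE = "+router\n*.*\t/var/log/router.log\n"

APPENDED = PROGRAM_BLOCKS + ROUTER_RULE               # first attempt
BARE_STAR = PROGRAM_BLOCKS + "*\n" + ROUTER_RULE      # second attempt
WITH_RESET = PROGRAM_BLOCKS + "!*\n" + ROUTER_RULE    # program spec reset first

if __name__ == "__main__":
    for name, conf in [("appended", APPENDED), ("bare *", BARE_STAR),
                       ("!* reset", WITH_RESET)]:
        print(name, destinations(parse_rules(conf), "router", "kernel"))
```

In the model, the `+router` rule appended after `!ppp` only catches messages tagged `ppp` from the router, which is why moving it above the program blocks made the log fill up.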


More information about the freebsd-newbies mailing list