root@logging:/var/log/haproxy # sysrc syslogd_flags="-d -C -b logging.lan -4 -a 10.209.1.0/24:* -a 192.168.10.0/24:*" syslogd_flags: -C -b logging.lan -4 -a 10.209.1.0/24:* -a 192.168.10.0/24:* -> -d -C -b logging.lan -4 -a 10.209.1.0/24:* -a 192.168.10.0/24:* root@logging:/var/log/haproxy # service syslogd start Starting syslogd. allowaddr: rule numeric, addr = 10.209.1.0, mask = 255.255.255.0; port = 0 allowaddr: rule numeric, addr = 192.168.10.0, mask = 255.255.255.0; port = 0 can't open /dev/klog (2) Trying peer: logging.lan new socket fd is 5 listening on socket sending on socket Trying peer: /var/run/log new socket fd is 6 listening on socket sending on socket Trying peer: /var/run/logpriv new socket fd is 7 listening on socket sending on socket off & running.... init loading timezone data via tzset() cfline("*.err;kern.warning;auth.notice;mail.crit /dev/console", f, "*", "*") /dev/console: Operation not supported logmsg: pri 53, flags 0, from logging, msg /dev/console: Operation not supported cfline("*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages", f, "*", "*") cfline("security.* /var/log/security", f, "*", "*") cfline("auth.info;authpriv.info /var/log/auth.log", f, "*", "*") cfline("mail.info /var/log/maillog", f, "*", "*") cfline("cron.* /var/log/cron", f, "*", "*") cfline("*.=debug /var/log/debug.log", f, "-devd", "*") cfline("*.emerg *", f, "-devd", "*") Trying to include files in '/etc/syslog.d' reading /etc/syslog.d/ftp.conf cfline("ftp.info /var/log/xferlog", f, "*", "*") reading /etc/syslog.d/lpr.conf cfline("lpr.info /var/log/lpd-errs", f, "*", "*") reading /etc/syslog.d/ppp.conf cfline("*.* /var/log/ppp.log", f, "ppp", "*") Trying to include files in '/usr/local/etc/syslog.d' reading /usr/local/etc/syslog.d/saltstack.conf cfline("local6.=info /var/log/haproxy/http-access.log", f, "*", "+router1.lan,router2.lan,router.lan") cfline("local6.=err /var/log/haproxy/http-error.log", f, "*", "+router1.lan,router2.lan,router.lan") cfline("local5.* /var/log/haproxy/smtp.log", f, "*", "+router1.lan,router2.lan,router.lan") cfline("local6.=info /var/log/httpd/access.log", f, "*", "+dev.lan,antabif.lan,gitlab.lan,sandbox.lan,www1.prod.lan,www2.prod.lan") cfline("local6.=err /var/log/httpd/error.log", f, "*", "+dev.lan,antabif.lan,gitlab.lan,sandbox.lan,www1.prod.lan,www2.prod.lan") 4 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X UNUSED: 7 5 2 5 5 5 6 3 5 5 X 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages X X X X X X X X X X X X X 7 X X X X X X X X X X X FILE: /var/log/security X X X X 6 X X X X X 6 X X X X X X X X X X X X X X FILE: /var/log/auth.log X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog X X X X X X X X X 7 X X X X X X X X X X X X X X X FILE: /var/log/cron 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE: /var/log/debug.log (-devd) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL: (-devd) X X X X X X X X X X X 6 X X X X X X X X X X X X X FILE: /var/log/xferlog X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE: /var/log/ppp.log (ppp) X X X X X X X X X X X X X X X X X X X X X X 6 X X FILE: /var/log/haproxy/http-access.log X X X X X X X X X X X X X X X X X X X X X X 3 X X FILE: /var/log/haproxy/http-error.log X X X X X X X X X X X X X X X X X X X X X 7 X X X FILE: /var/log/haproxy/smtp.log X X X X X X X X X X X X X X X X X X X X X X 6 X X FILE: /var/log/httpd/access.log X X X X X X X X X X X X X X X X X X X X X X 3 X X FILE: /var/log/httpd/error.log logmsg: pri 56, flags 0, from logging, msg restart syslogd: restarted logmsg: pri 6, flags 0, from logging, msg kernel boot file is /boot/kernel/kernel Logging to FILE /var/log/messages kernel boot file is /boot/kernel/kernel received sa_len = 16 cvthname(2) len = 16 cvthname(10.209.1.252) # of validation rule: 2 validate: dgram from IP 10.209.1.252, port 51614, name router1.lan; accepted in rule 1. logmsg: pri 266, flags 0, from router1, msg 176.9.4.106 - - [14/Jan/2019:15:15:13 +0000] "GET /species_by_code/LEUCVOSS HTTP/1.1" 302 394 "" "Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)" "www.xxx.net" received sa_len = 16 cvthname(2) len = 16 cvthname(10.209.1.252) # of validation rule: 2 validate: dgram from IP 10.209.1.252, port 51614, name router1.lan; accepted in rule 1. logmsg: pri 266, flags 0, from router1, msg 176.9.4.106 - - [14/Jan/2019:15:15:17 +0000] "GET /species/show/26609 HTTP/1.1" 200 6224 "" "Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)" "www.xxx.net" received sa_len = 16 cvthname(2) len = 16 cvthname(10.209.1.252) # of validation rule: 2 validate: dgram from IP 10.209.1.252, port 51614, name router1.lan; accepted in rule 1. logmsg: pri 266, flags 0, from router1, msg 193.190.146.122 - - [14/Jan/2019:15:15:14 +0000] "POST /api/v4/jobs/request HTTP/1.1" 204 333 "" "gitlab-runner 10.6.0 (10-6-stable; go1.9.4; linux/amd64)" "git.xxx.be" received sa_len = 16 cvthname(2) len = 16 cvthname(10.209.1.252) # of validation rule: 2 validate: dgram from IP 192.168.10.34, port 514, name www1.prod.lan; rejected in rule 1 due to IP mismatch. accepted in rule 2. logmsg: pri 263, flags 0, from www1.prod.lan, msg [Mon Jan 14 16:15:18.678075 2019] [core:error] [pid 23228:tid 34477267968] [client 192.168.10.253:12008] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/sites/share.xxx.aq/data Logging to UNUSED Logging to FILE /var/log/messages Logging to FILE /var/log/httpd/error.log received sa_len = 16 cvthname(2) len = 16 cvthname(10.209.1.252) # of validation rule: 2 validate: dgram from IP 10.209.1.252, port 51614, name router1.lan; accepted in rule 1. logmsg: pri 266, flags 0, from router1, msg 10.209.1.39 - - [14/Jan/2019:15:15:16 +0000] "POST /api/v4/jobs/request HTTP/1.1" 204 334 "" "gitlab-runner 11.2.0 (11-2-stable; go1.11; freebsd/amd64)" "git.xxx.be" received sa_len = 16 cvthname(2) len = 16 cvthname(10.209.1.252) (...)