| Summary: | syslog does not accept remote host logs | | |
|---|---|---|---|
| Product: | Documentation | Reporter: | Andrei Kolu <antik> |
| Component: | Books & Articles | Assignee: | Glen Barber <gjb> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | | |
| Priority: | Normal | | |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Andrei Kolu
2011-09-29 18:40:07 UTC
Hi,

On 9/29/11 1:30 PM, Andrei Kolu wrote:
>> Number: 161129
>> Category: docs
>> Synopsis: syslog does not accept remote host logs
>
>> Description:
> If I configure syslog for remote logging according to this manual:
> http://www.freebsd.org/doc/handbook/network-syslogd.html
>
> ####hosts file
> 10.10.10.1 cisco1812 cisco1812.example.com
>
> ####rc.conf
> syslogd_enable="YES"
> syslogd_flags="-d -a 10.10.10.1 -v -v"
>
> ####syslog.conf
> # Logging cisco
> +cisco1812.example.com
> *.* /var/log/cisco1812.example.com.log
>
> then syslog would give me this error:
>
> "validate: dgram from IP 10.10.10.1, port 54446, name cisco1812.example.com;
> rejected in rule 0 due to port mismatch."

According to syslogd(8):

% Multiple -a options may be specified.
% The allowed_peer option may be any of the following:
% ipaddr/masklen[:service]    Accept datagrams from ipaddr (in the
%                             usual dotted quad notation) with
%                             masklen bits being taken into account
%                             when doing the address comparison.
%                             ipaddr can be also IPv6 address by
%                             enclosing the address with [ and
%                             ]. If specified, service is the
%                             name or number of an UDP service (see
%                             services(5)) the source packet must
%                             belong to. A service of * allows
%                             packets being sent from any UDP port.
%                             The default service is syslog.

So, if ":*" or some other port is not specified, the default will be the
syslog UDP port 514 (from /etc/services). According to the above, your
cisco device is using port 54446. I suspect this will work with the
following rc.conf entry:

####rc.conf
syslogd_enable="YES"
syslogd_flags="-d -a 10.10.10.1:54446 -v -v"

Can you please try this, and let us know?

Regards,

Glen

--
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project

State Changed
From-To: open->feedback

Feedback requested.

Responsible Changed
From-To: freebsd-doc->gjb

I'll keep track of this, since I am the one that requested feedback.

2011/9/29 Glen Barber <gjb@freebsd.org>

> Hi,
>
> On 9/29/11 1:30 PM, Andrei Kolu wrote:
> >> Number: 161129
> >> Category: docs
> >> Synopsis: syslog does not accept remote host logs
> >
> >> Description:
> > If I configure syslog for remote logging according to this manual:
> > http://www.freebsd.org/doc/handbook/network-syslogd.html
> >
> > ####hosts file
> > 10.10.10.1 cisco1812 cisco1812.example.com
> >
> > ####rc.conf
> > syslogd_enable="YES"
> > syslogd_flags="-d -a 10.10.10.1 -v -v"
> >
> > ####syslog.conf
> > # Logging cisco
> > +cisco1812.example.com
> > *.* /var/log/cisco1812.example.com.log
> >
> > then syslog would give me this error:
> >
> > "validate: dgram from IP 10.10.10.1, port 54446, name cisco1812.example.com;
> > rejected in rule 0 due to port mismatch."
>
> According to syslogd(8):
>
> % Multiple -a options may be specified.
> % The allowed_peer option may be any of the following:
> % ipaddr/masklen[:service]    Accept datagrams from ipaddr (in the
> %                             usual dotted quad notation) with
> %                             masklen bits being taken into account
> %                             when doing the address comparison.
> %                             ipaddr can be also IPv6 address by
> %                             enclosing the address with [ and
> %                             ]. If specified, service is the
> %                             name or number of an UDP service (see
> %                             services(5)) the source packet must
> %                             belong to. A service of * allows
> %                             packets being sent from any UDP port.
> %                             The default service is syslog.
>
> So, if ":*" or some other port is not specified, the default will be the
> syslog UDP port 514 (from /etc/services). According to the above, your
> cisco device is using port 54446. I suspect this will work with the
> following rc.conf entry:
>
> ####rc.conf
> syslogd_enable="YES"
> syslogd_flags="-d -a 10.10.10.1:54446 -v -v"
>
> Can you please try this, and let us know?
>

Hello!

Yes, adding the port number to the syslog flags works. But after I upgraded IOS on the Cisco router, it changed the port number also.
I prefer the ":*" way of configuration, and in the case of whole-network logging only 10.10.10.0/24:* would work.

State Changed
From-To: feedback->closed

Submitter notes syslogd(8) is working as documented.
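
The port check discussed in this thread, as an added example (not part of the original report and not syslogd's own code): a simplified Python model of how an `-a ipaddr/masklen[:service]` rule is matched, following the syslogd(8) excerpt quoted above. Assumptions of the model: a rule with no masklen is treated as a single host, only the service name `syslog` (UDP 514) and numeric ports are resolved, and the function names are illustrative.

```python
import ipaddress

SYSLOG_PORT = 514  # UDP port of the "syslog" service in /etc/services

def parse_allowed_peer(spec):
    """Parse 'ipaddr[/masklen][:service]' into (network, port).

    port is None for a service of '*' (any source port).
    Model assumption: a missing masklen means a single host.
    """
    if spec.startswith("["):  # IPv6 form: [addr]/masklen:service
        host, _, rest = spec[1:].partition("]")
        masklen, _, service = rest.lstrip("/").partition(":")
    else:
        addr, _, service = spec.partition(":")
        host, _, masklen = addr.partition("/")
    net = ipaddress.ip_network(host + ("/" + masklen if masklen else ""), strict=False)
    if service == "*":
        return net, None
    if service in ("", "syslog"):  # the default service is syslog
        return net, SYSLOG_PORT
    return net, int(service)  # this model handles numeric services only

def validate(rules, src_ip, src_port):
    """Check a datagram's source address and port against the rules in order."""
    addr = ipaddress.ip_address(src_ip)
    reason = "rejected: source address matches no rule"
    for i, spec in enumerate(rules):
        net, port = parse_allowed_peer(spec)
        if addr not in net:
            continue
        if port is not None and port != src_port:
            reason = f"rejected in rule {i} due to port mismatch"
            continue
        return True, f"accepted in rule {i}"
    return False, reason

if __name__ == "__main__":
    # Constructed datagram matching the error in the report: 10.10.10.1, port 54446.
    for rules in (["10.10.10.1"], ["10.10.10.1:54446"], ["10.10.10.0/24:*"]):
        print(rules, validate(rules, "10.10.10.1", 54446))
```

A `:*` rule drops the source-port check entirely, so the address prefix becomes the only filter on which senders may write to the log.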