Today I decided to set up some syslog logging of my router.
I enabled syslog logging on the router and pointed it in the direction of the syslogd box.
I could see that the syslog packets got to the interface of the syslogd box, but nothing in the logs.
First removed -s from syslogd_flags in /etc/rc.conf, then added -a syslog_src_ip/bitmask to syslogd_flags.
Still nothing in the logs.
Then added -dv to the flags, and found that I got:
rejected in rule 0 due to port mismatch
Well, after some searching I found that one could add :* to the -a ip:bitmask line.
Did so and messages got into syslogd, but they did not end up in the right log file.
'+hostname' to the rescue, added it at the end of /etc/syslog.conf, still nothing in the right logfile.
Then noticed that the logfile specified in the +hostname block was assigned to the last !program block.
I figured that the right order of /etc/syslog.conf should be:
1) General logging.
2) +hostname block(s).
3) !program block(s).
If not in this order it will not work.
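The setup described above as one configuration, added here as an example and not taken from the original post. The router address 192.0.2.1, the hostname router.example.net, the ppp program block and the log file paths are constructed placeholders. It also goes one step beyond the post: syslog.conf(5) lets a program or hostname selector be reset with `!*` or `+*`, which stops an earlier block's filter from carrying over into the next one.

```conf
# --- /etc/rc.conf ---
# No -s, so syslogd listens for remote messages.
# -a limits accepted senders to the router (constructed address);
# the trailing :* accepts any UDP source port, which avoids the
# "rejected in rule 0 due to port mismatch" rejection.
syslogd_flags="-a 192.0.2.1/32:*"

# --- /etc/syslog.conf ---
# 1) General logging (no host or program filter active yet).
*.notice;authpriv.none                  /var/log/messages

# 2) +hostname block: everything received from the router.
#    The name must match the sender as syslogd identifies it.
+router.example.net
*.*                                     /var/log/router.log
# Reset the hostname filter so it does not apply to later blocks.
+*

# 3) !program block(s) (constructed example).
!ppp
*.*                                     /var/log/ppp.log
# Reset the program filter; without this, a +hostname block placed
# after this point would still be restricted to messages tagged "ppp".
!*
```

Running syslogd with -dv, as in the post, shows which rule accepts or rejects each incoming packet after a change like this.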
Sunday, May 6, 2007