On 11/28/2011 08:58 PM, Damien Fleuriot wrote:
On 11/28/11 7:09 PM, Kaya Saman wrote:
[...snip...]
Properly configured, syslogd will log remotely.  However something
like sysutils/rsyslog may fit your requirements better.

--
Adam Vande More
Thanks for that. I have tested rsyslog, which is backwards compatible
with syslog, but again something failed with that when writing to
the created logfile???


We have absolutely no problems whatsoever with rsyslogd here.

It runs on our FreeBSD firewall boxes and logs both to local files and
a remote server running rsyslogd on debian.



Additionally and in reply to your need to track what happens on your
network, I very highly recommend Observium which we have been running
for over 18 months now and which I use on an almost daily basis.

http://www.observium.org/wiki/Main_Page

The icing on the cake is that you'll be able to export your logs to
Observium directly.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Thanks for the vote of confidence!

I have set syslogd to run on the loopback and rsyslogd to run on the local IP address.

Here is my config file for rsyslog:



$ModLoad immark.so   # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging
$ModLoad imklog.so   # kernel logging
$ModLoad imudp
$UDPServerAddress 192.168.1.120
$UDPServerRun 514
$RuleSet Cisco857w
#:msg, contains, "192.168.1.1"    /var/log/cisco857w.log
:fromhost-ip, isequal, "192.168.1.1"    /var/log/cisco857w.log



According to the rule, anything coming in from 192.168.1.1 should be logged to /var/log/cisco857w.log

From rsyslog debug mode I was able to find that the rule was in place and should be performing properly:



0302.998028819:800c041c0: ruleset 0x800c2b0a0: rsyslog ruleset Cisco857w:
0302.998046140:800c041c0: rule 0x800c14d80: rsyslog rule:
0302.998058991:800c041c0: PROPERTY-BASED Filter:
0302.998070165:800c041c0:       Property.: 'fromhost-ip'
0302.998080781:800c041c0:       Operation: 'isequal'
0302.998099499:800c041c0:       Value....: '192.168.1.1'
0302.998109835:800c041c0:       Action...:
Actions:
0302.998127435:800c041c0: builtin-file: /var/log/cisco857w.log
0302.998143918:800c041c0:       template='/var/log/cisco857w.log'
0302.998153696:800c041c0:       use async writer=0
0302.998165150:800c041c0:       flush on TX end=1
0302.998175766:800c041c0:       flush interval=1
0302.998186661:800c041c0:       file cache size=10
0302.998198115:800c041c0:       create directories: yes
0302.998208451:800c041c0:       file owner 0, group 0
0302.998218788:800c041c0:       force chown() for all files: no
0302.998229683:800c041c0:       directory owner 0, group 0
0302.998240020:800c041c0:       dir create mode 0700, file create mode 0644
0302.998254267:800c041c0:       fail if owner/group can not be set: no


However, tcpdump shows that rsyslog is in fact receiving information but still, unfortunately, not logging to file???


# tcpdump -tlnvv -i em0 port 514
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
IP (tos 0x0, ttl 255, id 1875, offset 0, flags [none], proto UDP (17), length 142)
    192.168.1.1.59189 > 192.168.1.120.514: SYSLOG, length: 114
    Facility local7 (23), Severity notice (5)
    Msg: 11578: 011565: Nov 28 23:34:19.475: %SYS-5-CONFIG[|syslog]



File permissions are correct, as I got rsyslog to create the file from scratch...

What am I missing here?
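The cause can be read off the posted config and debug output: the filter is defined under $RuleSet Cisco857w (the debug trace confirms the ruleset exists), but the imudp listener is never bound to that ruleset, so messages from the router are handled by RSYSLOG_DefaultRuleset, where no rule matches, and nothing is written. The configuration below is an added example, not the poster's file, showing the posted input section beside a corrected one that binds the listener with $InputUDPServerBindRuleset (a legacy-format imudp directive; it is assumed the rsyslog version in use supports it).

```conf
# Added example (not the poster's file): rsyslog legacy-format config that
# writes syslog arriving over UDP from 192.168.1.1 to its own file.
$ModLoad immark.so   # provides --MARK-- message capability
$ModLoad imuxsock.so # local system logging
$ModLoad imklog.so   # kernel logging
$ModLoad imudp       # UDP listener

# --- As posted (does not log) ---
# The filter is placed in ruleset "Cisco857w", but imudp is never bound to
# it. Its messages go to RSYSLOG_DefaultRuleset, no rule matches there,
# and the file stays empty even though tcpdump shows the datagrams arriving.
#$UDPServerAddress 192.168.1.120
#$UDPServerRun 514
#$RuleSet Cisco857w
#:fromhost-ip, isequal, "192.168.1.1"    /var/log/cisco857w.log

# --- Corrected ---
# 1. Define the named ruleset and its rule.
$RuleSet Cisco857w
:fromhost-ip, isequal, "192.168.1.1"    /var/log/cisco857w.log

# 2. Switch back to the default ruleset so that later rules for local
#    logging (imuxsock/imklog) are not accidentally added to Cisco857w.
$RuleSet RSYSLOG_DefaultRuleset

# 3. Bind the UDP listener to the named ruleset. The bind directive only
#    affects listeners started after it, so it must precede $UDPServerRun.
$UDPServerAddress 192.168.1.120
$InputUDPServerBindRuleset Cisco857w
$UDPServerRun 514

# Note: fromhost-ip matches on the UDP source address, which is not
# authenticated. Keeping the listener on the LAN address (as above) and
# restricting 514/udp at the host firewall limits who can inject entries.
```

The simpler alternative is to drop the $RuleSet line entirely, which leaves the filter in the default ruleset that unbound inputs already use; the ruleset form is preferable once more than one remote source gets its own file.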