syslog hosting is not working?

Hello guys:

I am trying to use the server as an offline syslog server for my home gateway router, but it is not working. The home gateway router is xxx.xxx.xxx.1.

---- UDP port 514 is open
Code:
user@server:~:$ sudo netstat -na
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)    
tcp4       0      0 xxx.xxx.xxx.xxx.22     xxx.xxx.xxx.50.60806     ESTABLISHED
tcp4       0      0 *.22                 *.*                    LISTEN     
tcp6       0      0 *.22                 *.*                    LISTEN     
tcp4       0      0 127.0.0.1.53           *.*                    LISTEN     
tcp6       0      0 ::1.53                 *.*                    LISTEN     
udp4       0      0 *.514                  *.*                    
udp6       0      0 *.514                  *.*                    
udp4       0      0 127.0.0.1.53           *.*                    
udp6       0      0 ::1.53                 *.*  

Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-07 14:34 EST
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.0051s latency).
Not shown: 999 closed ports
PORT    STATE         SERVICE
514/udp open|filtered syslog
MAC Address: xx:xx:xx:xx:xx:xxx (Foxconn)

Nmap done: 1 IP address (1 host up) scanned in 16.99 seconds
---- settings in rc.conf
Code:
syslogd_enable="YES"
syslogd_flags="-s -a xxx.xxx.xxx.1 -vv"
---- Per the FreeBSD Handbook, https://docs.freebsd.org/doc/7.4-RELEASE/usr/share/doc/handbook/network-syslogd.html, I have the following settings:
Code:
+xxx.xxx.xxx.1
*.*                                             /var/log/logclient.log
---- from tcpdump:
Code:
14:51:38.327222 IP xxx.xxx.xxx.1.syslog > xxx.xxx.xxx.xxx.syslog: SYSLOG daemon.info, length: 14
---- but nothing is logged:
Code:
-rw-r--r--  1 root  wheel  0 Mar  3 18:01 /var/log/logclient.log
Thanks

_dave
 
That's an 8 year old version of the handbook. Things change.


Read syslogd(8):
Code:
     -s      Operate in secure mode.  Do not log messages from remote
             machines.  If specified twice, no network socket will be opened
             at all, which also disables logging to remote machines.
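
The quoted -s text explains the symptoms in the first post: with a single -s the UDP socket is still opened (so netstat and tcpdump look healthy) while remote messages are not logged. The script below is an added example, not part of the thread; its function names and its list of argument-taking syslogd options are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: classify a syslogd_flags value using
# the -s semantics quoted from syslogd(8) above.

# Assumption: the FreeBSD syslogd options that take an argument (check the
# man page of your release). Flags without an argument need no entry here.
SYSLOGD_OPTS=':a:b:f:l:m:O:p:P:S:s'

# Prints "<number of -s flags> <peer> <peer> ..." for a flags string.
_syslogd_scan() (
    set -f              # -a peers may contain '*'; do not glob them
    set -- $1           # split the string as it appears on the command line
    secure=0 peers=''
    OPTIND=1
    while getopts "$SYSLOGD_OPTS" opt; do
        case $opt in
            s) secure=$((secure + 1)) ;;
            a) peers="$peers $OPTARG" ;;
        esac
    done
    echo "$secure$peers"
)

# Prints remote (no -s), drop-remote (-s once) or no-socket (-s twice).
syslogd_remote_mode() (
    set -f
    set -- $(_syslogd_scan "$1")
    case $1 in
        0) echo remote ;;
        1) echo drop-remote ;;
        *) echo no-socket ;;
    esac
)

# Prints the -a peers; under drop-remote they are listed but not logged.
syslogd_allowed_peers() (
    set -f
    set -- $(_syslogd_scan "$1")
    shift
    echo "$*"
)

# The value posted in the thread (address redacted there too). On a live
# host, pass "$(sysrc -n syslogd_flags)" instead.
flags='-s -a xxx.xxx.xxx.1 -vv'
echo "$flags => $(syslogd_remote_mode "$flags"), peers: $(syslogd_allowed_peers "$flags")"
```
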
Thanks. I did try without "-s" but it made no difference.

Thanks. It worked. Sorry for the misinformation.