Syslog server in jail

[gregober]

I am trying to set up a syslog server inside a jail. I have properly configured the jail and it is up and running. Sysctl parameters are as follows:

security.jail.mount_allowed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 0
security.jail.set_hostname_allowed: 0
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0

I have disabled binding on the host environment in /etc/rc.conf:

syslogd_flags="-ss"

But I still can't get the messages in the jail host. Nothing is logged in the file it is supposed to log from my remote firewall.

Any idea?

 

[anomie]

Are the UDP packets making it to your jail IP at all?

You can observe with tcpdump(1).

 

[PeWiWa]

Maybe your jail is too "small". I had the same problem with my jail when some system-binaries and directories were missing. I added more binaries until a /etc/rc could run, and suddenly syslogd was working.

A jailstart with /etc/rc also creates some more directories in /var, so maybe syslogd needs this. I did not invest more time to get it out, but perhaps it helps

 

[gregober]

Thanks for your answer.

Turns out It was a problem with the IP address authorized for the syslog.
I found that adding the "-d" to the startup syslogd parameter in rc.conf debug was very straightforward.

Should have started by activating the debug in the first place.

Thanks.