Hi, First of all thanks much to all who responded so quickly to my question about setting up syslogging in order to accept messages from Cisco (remote) boxes.
I could finally get that thing going. Here's what I did - maybe this is of help to others running into similar problems: 1) In order for syslogd to accept messages from remote machines you've got to use the "-a"-flag. Here's what I've got in my /etc/rc.conf: syslogd_flags="-a 192.168.0.0/16:*" Don't forget the "*" - it makes sure that syslogd accepts UDP packets from *every* port on the remote machine, not just the syslog-port. Typically Cisco-boxes seem to have a high-order source-port in their syslog-messages. 2) /etc/syslog.conf: Make sure that the "local7"-messages coming from Cisco boxes aren't logged multiple times. Typically the vanilla /etc/syslog.conf coming with FreeBSD has the following line in /etc/syslog.conf (near the top of the file): *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/message s change this to read *.notice;local7.none;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages This makes sure that any syslog-messages with the local7 facility don't get written to /var/log/messages. Get to the end of syslog.conf. Here you'll find something like !ppp *.* /var/log/ppp.log These is the setup for log-entries from ppp. You've got to add the following line: !* This resets logging as per man syslog.conf(5): "A program or hostname specification may be reset by giving the program or hostname as `*'." Without that line the lines that you add for your Cisco logging at the end of the file (see below) will only be triggered when coming from the ppp program which almost never is the case. (You can check this using the debug-option of syslogd - see below) 3) Add your log-setup for cisco devices at the end of syslog.conf like so: local7.* /var/log/Syslog/cisco-syslog 4) Touch and "chmod 600" the logfile mentioned above 5) Restart syslogd: /etc/rc.d/syslogd restart Final thoughts & caveats: 1) Use <TAB>s to separate the entries in /etc/syslog.conf 2) Running syslog in debug-mode (i.e. syslogd_flags="-d..." in etc/rc.conf) is a very helpful tool in tracking down problems. It keeps syslogd running in the foreground and logs very helpful information to the console Be aware though, that syslogd in debug-mode is behaving somewhat different. It e.g.seems to ignore the "-a ..." flags that are otherwise necessary in order for syslog to accept messages from remote machines, i.e. accepting messages from everywhere even without the -a flag. Hope this little receipe helps others going... Thanks again for all your help, -ewald _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"