Re: Syslog server not logging remote machines to file?

2011-11-19 Thread Robert Bonomi

Kaya Saman kayasa...@gmail.com wrote:

 Hi,

 I've got a really strange problem which seems to either be a bug with 
 the syslog server service or perhaps because I'm running jails on my 
 system.

 I can log my router syslog information but somehow the syslog server 
 doesn't put the information into the designated file; which should be 
 /var/log/cisco857w.log???


The -usual- 'gotcha' for this situation is that you have to _create_ the 
file FIRST, and then tell syslogd to reload its configuration.  (i.e. 
'kill -HUP' the PID for syslogd)


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Syslog server not logging remote machines to file?

2011-11-19 Thread Kaya Saman

On 11/19/2011 05:21 PM, Robert Bonomi wrote:

Kaya Saman kayasa...@gmail.com wrote:

Hi,

I've got a really strange problem which seems to either be a bug with
the syslog server service or perhaps because I'm running jails on my
system.

I can log my router syslog information but somehow the syslog server
doesn't put the information into the designated file; which should be
/var/log/cisco857w.log???


The -usual- 'gotcha' for this situation is that you have to _create_ the
file FIRST, and then tell syslogd to reload its configuration.  (i.e.
'kill -HUP' the PID for syslogd)


That's ok, however due to me running syslogd in debug mode anyway - ctrl 
+ c should do that anyway. I performed a: ps aux | grep syslog with 
no result other than my 'grepping' displayed.


Meaning that the syslog daemon should have reloaded right? - I mean it's 
standard for everything else which works in that way!



Re: Syslog server not logging remote machines to file?

2011-11-19 Thread Kaya Saman

On 11/19/2011 06:52 PM, Robert Bonomi wrote:

 From kayasa...@gmail.com  Sat Nov 19 09:33:08 2011
Date: Sat, 19 Nov 2011 17:31:50 +0200
From: Kaya Saman kayasa...@gmail.com
To: Robert Bonomi bon...@mail.r-bonomi.com
CC: freebsd-questions@freebsd.org
Subject: Re: Syslog server not logging remote machines to file?

On 11/19/2011 05:21 PM, Robert Bonomi wrote:

Kaya Saman kayasa...@gmail.com wrote:

Hi,

I've got a really strange problem which seems to either be a bug with
the syslog server service or perhaps because I'm running jails on my
system.

I can log my router syslog information but somehow the syslog server
doesn't put the information into the designated file; which should be
/var/log/cisco857w.log???


The -usual- 'gotcha' for this situation is that you have to _create_ the
file FIRST, and then tell syslogd to reload its configuration.  (i.e.
'kill -HUP' the PID for syslogd)



That's ok, however due to me running syslogd in debug mode anyway - ctrl
+ c should do that anyway. I performed a: ps aux | grep syslog with
no result other than my 'grepping' displayed.

Meaning that the syslog daemon should have reloaded right? - I mean it's
standard for everything else which works in that way!

Well if ps -aux doesn't show any syslogd entry, then syslogd is -not-
running -- which would explain why it's not logging anything to the file :)

If you're stopping and restarting syslogd, then, yes, that causes it to
re-read the configuration.

This begs the question, however, *DOES* that file exist?  syslog does _not_
_create_ a missing logfile, just because it is mentioned in the syslog.conf
file.

Robert,

I can assure that syslogd is running, hence the logging posted within my 
first email to the list. When run with the -d and -vv flags set in 
/etc/rc.conf I need to use ctrl +c to break out of it as it logs 
directly to the tty.


Just to go over it again, output from syslogd with -d and -vv flags set 
running in debug mode shows:


{

logmsg: pri 56, flags 4, from Server, msg syslogd: restart
syslogd: restarted
logmsg: pri 6, flags 4, from Server, msg syslogd: kernel boot file is 
/boot/kernel/kernel

Logging to FILE /var/log/messages
syslogd: kernel boot file is /boot/kernel/kernel
logmsg: pri 166, flags 17, from Server, msg Nov 19 12:33:34 syslog.err 
Server syslogd: exiting on signal 2

cvthname(192.168.1.1)
validate: dgram from IP 192.168.1.1, port 59189, name router.domain;
accepted in rule 0.
logmsg: pri 275, flags 0, from cisco857w, msg 10048: 010035: Nov 19 
10:33:48.037: %SYS-5-CONFIG_I: Configured from console by admin on vty0 
(192.168.1.120)


}

The file is mentioned in syslogd config and seems to be loaded within 
the configuration:


{

cfline(*.*/var/log/cisco857w.log, f, *, 
+192.168.1.1)


7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE: 
/var/log/cisco857w.log


}

The file *has* been created also under /var/log/ dir however self 
creation is possible using the -C flag within /etc/rc.conf file; and 
give 'appropriate' permission 600:


{

# ls -l /var/log | grep cisco857
-rw-------  1 root   wheel 0 Nov 18 16:32 cisco857w.log

}


So after all this looks {**perfect**} what can this mysterious problem be??



Re: Syslog server not logging remote machines to file?

2011-11-19 Thread Kaya Saman



cvthname(192.168.1.1)
validate: dgram from IP 192.168.1.1, port 59189, name router.domain;
accepted in rule 0.
logmsg: pri 275, flags 0, from cisco857w, msg 10048: 010035: Nov 19
10:33:48.037: %SYS-5-CONFIG_I: Configured from console by admin on vty0
(192.168.1.120)

If we take the 'priority' of that message at face value,
   it is a facility value of 34
   and a logging priority of  3

On the machines I have access to, facility values stop at _24_.

The message may be being discarded because of a 'nonsense' priority.


I changed the 'facility' value within the IOS itself to kernel:

(config)#logging facility kern

- and now the generated message shows this:

accepted in rule 0.
logmsg: pri 15, flags 0, from cisco857w, msg 10146: 010133: Nov 19 
23:05:54.538: %SYS-5-CONFIG_I: Configured from console by admin on vty0 
(192.168.0.53



still not logging to file though :-( ??




The file is mentioned in syslogd config and seems to be loaded within
the configuration:

{

cfline(*.*/var/log/cisco857w.log, f, *,
+192.168.1.1)

7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE:
/var/log/cisco857w.log

_THAT_ looks like only _24_ known 'facility' values.


# ls -l /var/log | grep cisco857
-rw-------  1 root   wheel 0 Nov 18 16:32 cisco857w.log

And, I presume that when you are invoking syslogd in 'debug' mode, you
are running as superuser.


Yep, that is correct! Am using: su -


So after all this looks {**perfect**} what can this mysterious problem be??


I'm _guessing_ that the apparent 'facility' value of 34 is a good candidate.
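
The priority arithmetic discussed in this thread (PRI = facility * 8 + severity), as an added example that is not part of any poster's message: it decodes the "pri" field of the two router lines quoted above both as decimal and as octal, and cross-checks each reading against the severity digit in the Cisco `%SYS-5-CONFIG_I` mnemonic. The octal reading is an assumption about how syslogd's debug output formats the value; the facility table follows FreeBSD's `<sys/syslog.h>`, and the function names are hypothetical.

```python
import re

# Facility codes from FreeBSD <sys/syslog.h>; codes 15 and 24+ are unassigned.
FACILITIES = dict(enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
    "ntp security console".split()))
FACILITIES.update({16 + n: f"local{n}" for n in range(8)})
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI_RE = re.compile(r"logmsg: pri (\d+),")
# Cisco IOS message tag: %FACILITY-SEVERITY-MNEMONIC
CISCO_RE = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+")


def decode_pri(text, base):
    """Split a PRI string into (facility code, facility name or None, severity name)."""
    facility, severity = divmod(int(text, base), 8)
    return facility, FACILITIES.get(facility), SEVERITIES[severity]


def matching_bases(line):
    """Return the bases (10, 8) whose decoded severity agrees with the Cisco tag."""
    pri, cisco = PRI_RE.search(line), CISCO_RE.search(line)
    if not (pri and cisco):
        return []
    wanted = SEVERITIES[int(cisco.group(1))]
    result = []
    for base in (10, 8):
        try:
            if decode_pri(pri.group(1), base)[2] == wanted:
                result.append(base)
        except ValueError:  # a value containing the digit 8 or 9 cannot be octal
            pass
    return result


# The two router lines from the thread, re-joined onto one line each.
SAMPLES = [
    "logmsg: pri 275, flags 0, from cisco857w, msg 10048: 010035: Nov 19 "
    "10:33:48.037: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "logmsg: pri 15, flags 0, from cisco857w, msg 10146: 010133: Nov 19 "
    "23:05:54.538: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        pri = PRI_RE.search(line).group(1)
        print(pri, "decimal:", decode_pri(pri, 10), "octal:", decode_pri(pri, 8),
              "bases matching Cisco severity:", matching_bases(line))
```

A facility name of `None` in the output means the decoded code has no entry in the 24-slot facility table, which is the condition the thread suspects of causing the message to be dropped.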




