[nycbug-talk] FreeBSD syslog.conf quickie
Kevin Reiter
KReiter at insidefsi.net
Thu Apr 5 10:51:44 EDT 2007
Rodrique Heron wrote:
: Kevin Reiter wrote:
:: All,
::
:: A quick question on the syntax for defining a remote system logging
:: to a remote syslog server.
::
:: I have a number of routers I want to send their syslogs to a FreeBSD
:: system. I've checked all the firewall rules and know that not to be
:: a problem. My question is, in the syslog.conf file itself, how do I
:: define a host to log to a specific logfile? I've RTFM, checked
:: Google, and checked everything else I thought might have been
:: mucking up the waters, but can't seem to get this straight.
::
:: I'm looking to get all syslogs for hostname "ssr" to go to
:: /var/log/router.log
::
:: In my /etc/syslog.conf, I have the following entry:
::
:: +ssr.* /var/log/router.log
::
:: From man 5 syslog.conf:
::
:: A hostname specification of the form `#+hostname' or `+hostname' means
:: the following blocks will be applied to messages received from the
:: specified hostname. Alternatively, the hostname specification
:: `#-hostname' or `-hostname' causes the following blocks to be applied
:: to messages from any host but the one specified. If the hostname is
:: given as `@', the local hostname will be used. As for program
:: specifications, multiple comma-separated values may be specified for
:: hostname specifications.
::
:: I've tried using +ssr, +ssr.*, and a few other variations with no
:: luck.
::
:: Am I just reading the examples wrong? (In my defense, I've had a
:: headache for the past 3 days, which hasn't helped..)
::
:: Thanks,
:: Kev
::
: Use minirsyslogd instead, I don't know why BSD syslog won't work. I
: created a /var/log/cisco/{device1,device2}, replace device with the
: IP address of your switch or router.
:
: in == /etc/rc.conf ==
: minirsyslog_enable="YES"
: minirsyslog_flags="--rootdir /var/log/cisco --umask 022"
:
: syslogd_enable="YES"
: syslogd_flags="-ss -b 192.168.2.1"
:
: That works for me, minirsyslog only writes when the buffer is full, so
: you may not see events right away.

Thanks, but I'd rather use the built-in syslogd for this, without having to install anything else. I know it *should* work, once I get the right syntax for the configs figured out.

I've changed rc.conf to include:

syslogd_flags="-b loghost.intranet.com -a ip_of_router:* -a ssr:* -a ssr"

(ssr being the hostname of the router that resolves via DNS)

Restarted syslogd, but still nothing.

root@darkhorse [~]# ls -l /var/log/router.log
-rw-r--r-- 1 root wheel 64 Apr 5 00:00 /var/log/router.log
root@darkhorse [~]# sockstat | grep 514
root syslogd 21191 6 udp4 my_ip:514 *:*

## Router logging starts
+ssr
*.* /var/log/router.log
## Router logging ends

Am I missing something?
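
The host-block rules from the syslog.conf(5) excerpt quoted above, as an added Python model that is not part of the original thread and is not syslogd's own code. It assumes exact, case-insensitive comparison of sender names and wildcard-only selectors; the `+*` reset comes from the same man page but not the quoted excerpt, and every rule other than the router block is constructed for illustration.

```python
# Added example: models the host-block rules quoted from syslog.conf(5).
# Not syslogd's code. Assumptions: sender names compare exactly (ignoring
# case), selectors are "facility.level" with "*" wildcards, "!program"
# blocks are skipped.
import socket

def parse(conf_text, local_host=None):
    """Return [(mode, hosts, selector, action)]; hosts=None means any host."""
    local_host = (local_host or socket.gethostname()).lower()
    mode, hosts, rules = "+", None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith(("#+", "#-")):      # `#+hostname' / `#-hostname'
            line = line[1:]
        if not line or line[0] in "#!":
            continue
        if line[0] in "+-":                    # host specification line
            spec = (line[1:].split() or ["*"])[0]
            if spec == "*":                    # `+*' reset: documented in the
                mode, hosts = "+", None        # man page, outside the excerpt
            else:
                mode = line[0]
                hosts = {local_host if h == "@" else h.lower()
                         for h in spec.split(",")}
            continue
        selector, action = line.split(None, 1)
        rules.append((mode, hosts, selector, action.strip()))
    return rules

def route(rules, sender, facility, level):
    """Log files a message from `sender` is written to under `rules`."""
    out = []
    for mode, hosts, selector, action in rules:
        if hosts is not None and (sender.lower() in hosts) != (mode == "+"):
            continue
        fac, lvl = selector.split(".", 1)
        if fac in ("*", facility) and lvl in ("*", level):
            out.append(action)
    return out

# Constructed sample; the router block is the one quoted in the message.
SAMPLE_CONF = """\
*.err       /var/log/all-errors.log
## Router logging starts
+ssr
*.*         /var/log/router.log
## Router logging ends
+*
auth.info   /var/log/auth.log
"""
RULES = parse(SAMPLE_CONF)
```

In this model, a single line such as `+ssr.* /var/log/router.log` is read as a host specification and produces no logging rule; the selector and action have to follow on their own line.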