Hi List,

I have a large number of FreeBSD servers (100+), with about 50% of them multi-homed, all running the default syslog daemon with perfect remote syslog results. I specify the host I want to send traffic to in this fashion in /etc/syslog.conf:

    *.* @55.55.55.55

Where 55.55.55.55 is the IP of one of my syslog servers.

I am running a number of BSDRP-based routers, and routers based off of my own customisations of BSDRP, and none of them appear to have working syslog. Logs to local disk work fine; however, I have two statements in each syslog config file with directions to send ALL logs to our SIEM server and our log server (2 servers in total). No logs make it to either server.

An example would be SSH access, which is important for me to know about. I have turned on INFO level logging to AUTH, which appears in syslog on the router but not on the remote syslog servers.

I have done Wireshark captures, which report no logs are being sent from the devices, yet when I run the logger command and manually send logs to these hosts, I can see the logs received on the remote host.

Does anyone know how I might begin resolving this issue? I have a number of important pieces of software to monitor logging on, namely:

BGPD (Quagga)
OSPFD (Quagga)
SSHD
MPD5

Would appreciate any advice.

Mark

_______________________________________________
Bsdrp-users mailing list
Bsdrp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bsdrp-users