At 08:48 PM 4/13/2007, you wrote:
"Janos Dohanics" <[EMAIL PROTECTED]> wrote:
>
> I'm trying to capture logs from m0n0wall, but the log file is empty.
>
> Here is my configuration:
>
> On the logging machine, in /etc/rc.conf:
>
> syslogd_flags="-a 10.61.70.1"
>
> In /etc/syslog.conf:
>
> +10.61.70.1
> *.* /var/log/m0n0wall.log
>
> /var/log/m0n0wall.log exists and is writable:
>
> -rw-rw-r-- 1 root network 0 Apr 13 00:32 /var/log/m0n0wall.log
>
> The m0n0wall is configured to send logs to 10.61.70.100, which is the
> logging machine.
>
> What am I missing?

Start with tcpdump on the receiving machine:

    tcpdump 'port 514'

to see if you're even receiving messages from the monowall machine.
If not, then double-check your config on the monowall machine. If so,
check the receiving machine.

Bill,
looks like 10.61.70.100 is receiving packets:
00:58:07.203800 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 126
00:58:33.295297 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 44
00:58:33.340779 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 49
00:59:21.436782 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 55
00:59:21.438125 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 71
00:59:21.439305 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 99
00:59:21.440458 IP gww.floco.com.syslog > 10.61.70.100.syslog: UDP, length: 92

Did you restart syslogd on both systems after making config changes?

I have...

Janos
--
Janos Dohanics