16th March 2009
da1
Freebsd 7.1-STABLE and dd-wrt v24 syslogd

Hell-o guyz.

Let me start off by saying that this little thing has been bugging me since forever.
So: we have a FreeBSD 7.1-STABLE box and a Linksys wrt54gl v1.1 with DD-WRT v24 (05/24/08) vpn.

Now.... on the router (services->services) I activated the "System Log" option and assigned my BSD box's IP (192.168.0.2). The router is 192.168.0.1. In Security->Firewall, the firewall is enabled and the "Log Management" also with "Log Level" set to "High" and all three options (Dropped, Rejected, Accepted) set to "High".

On the BSD box
rc.conf has
Code:
syslogd_enable="YES"
syslogd_flags="-d -a 192.168.0.1 -vv"
and /etc/syslogd.conf has
Code:
+192.168.0.1
*.*                                             /var/log/router.log
but, when I restart the syslogd daemon (/etc/rc.d/syslogd restart) having debug mode enabled, I see:
Code:
cvthname(192.168.0.1)
validate: dgram from IP 192.168.0.1, port 2052, name router.ro;
rejected in rule 0 due to port mismatch.
Now, I have pf enabled; so I disable it. Nothing. No lines get echo'd to router.log nor does the error go away. So I try to redirect port 2052 to 514 with no effect. I'm guessing here... so the router is sending the logs to? 2052? Now that would be weird. So I do a tcp dump and I find this
Code:
tcpdump: listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
02:34:16.150587 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 283) router.2052 > localhost.syslog: SYSLOG, length: 255
        IP (tos 0x0, ttl 64, id 57754, offset 0, flags [none], proto UDP (17), length 283) router.2052 > localhost.syslog: [|syslog]
02:34:21.324575 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 283) router.2052 > localhost.syslog: SYSLOG, length: 255
02:34:24.086214 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 232) router.2052 > localhost.syslog: SYSLOG, length: 204
02:34:24.512873 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 229) router.2052 > localhost.syslog: SYSLOG, length: 201
02:34:26.511407 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 283) router.2052 > localhost.syslog: SYSLOG, length: 255
        IP (tos 0x0, ttl 64, id 30082, offset 0, flags [none], proto UDP (17), length 283) router.2052 > localhost.syslog: [|syslog]
So, in fact it sends logs from 2052 to my localhost syslogd. ok, fair enough. I also check the router's running processes and I find
Code:
11174     1 root     S     1832 13.8  0.0 /sbin/syslogd -R 192.168.0.2:514
so it appears that the router is configured ok. I'm guessing I misconfigured something on my bsd box, or the router, but I can't figure out exactly what.

Any idea is welcome.

Last edited by da1; 16th March 2009 at 12:47 AM.
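Added example (not part of the original post, and not syslogd's own code): a simplified Python model of how FreeBSD syslogd(8) documents the matching of a datagram against `-a allowed_peer` rules, showing why the debug output in the post reports a port mismatch for source port 2052. The function names and the "IP mismatch"/"accepted" strings are this example's own; only IPv4 `ipaddr[/masklen][:service]` specs are modelled.

```python
import ipaddress
import socket

def parse_allowed_peer(spec):
    """Parse 'ipaddr[/masklen][:service]' into (network, port); port None = any port."""
    addr, sep, service = spec.partition(":")
    if not sep:
        service = "syslog"           # syslogd(8): the default service is 'syslog'
    if service == "*":
        port = None                  # '*' allows packets from any UDP source port
    elif service.isdigit():
        port = int(service)
    elif service == "syslog":
        port = 514                   # hardcoded so the example needs no /etc/services
    else:
        port = socket.getservbyname(service, "udp")
    if "/" not in addr:
        # syslogd(8): a missing masklen falls back to the historic class A/B mask,
        # or to 24 otherwise, so a bare address is wider than a single host.
        first = int(addr.split(".")[0])
        addr += "/8" if first < 128 else "/16" if first < 192 else "/24"
    return ipaddress.ip_network(addr, strict=False), port

def validate(src_ip, src_port, rules):
    """Check a datagram against the rules in order; return (accepted, reason)."""
    reasons = []
    for i, spec in enumerate(rules):
        net, port = parse_allowed_peer(spec)
        if port is not None and port != src_port:
            reasons.append(f"rejected in rule {i} due to port mismatch.")
        elif ipaddress.ip_address(src_ip) not in net:
            reasons.append(f"rejected in rule {i} due to IP mismatch.")
        else:
            return True, f"accepted in rule {i}."
    return False, " ".join(reasons)

if __name__ == "__main__":
    # Constructed from the post: the router sends from 192.168.0.1, UDP port 2052.
    cases = [
        ("192.168.0.1", 2052, ["192.168.0.1"]),       # the posted -a value
        ("192.168.0.1", 2052, ["192.168.0.1:*"]),     # any source port
        ("192.168.0.77", 514, ["192.168.0.1"]),       # another host in the implied /24
        ("192.168.0.77", 2052, ["192.168.0.1/32:*"]), # pinned to the router only
    ]
    for ip, port, rules in cases:
        print(ip, port, rules, "->", validate(ip, port, rules))
```

In this model the posted `-a 192.168.0.1` only matches datagrams sent from UDP port 514, while `192.168.0.1/32:*` accepts any source port from the router alone.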