21st August 2013
Lexus45
Port Guard
Join Date: May 2010
Location: Kurgan, Russia
Posts: 39
Collecting logs from remote machine

Hello all.

I'm setting up collecting logs from Asterisk on FreeBSD (10.1.34.30) - to OpenBSD machine (10.145.13.22).
The remote part (Asterisk on FreeBSD) is already configured. tcpdump (run on FreeBSD) shows that logs are sent from the FreeBSD machine to OpenBSD:
Code:
10:53:12.752395 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
10:53:37.288066 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
10:54:09.596454 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
syslogd is also listening on OpenBSD machine:
Code:
# netstat -f inet -nla | grep 514
udp          0      0  *.514                  *.*
PF rules are not changed, they remain unmodified:
Code:
# pfctl -sr                       
block drop all
pass all flags S/SA
block drop in on ! lo0 proto tcp from any to any port 6000:6010

The problem: where is the log stored?
There is no /var/log/syslog on OpenBSD. Creating it hasn't helped (the file remains empty).

'ps aux | grep syslog' shows two destinations, but they are also empty:
Code:
# ps aux | grep syslog
_syslogd 26787  0.0  0.0   428   732 ??  S      4:23PM    0:00.02 /usr/sbin/syslogd -a /var/www/dev/log -a /var/empty/dev/log
root     23392  0.0  0.0   420   756 ??  Is     4:23PM    0:00.00 syslogd: [priv] (syslogd)
root     31053  0.0  0.0   492   724 p0  S+     5:02PM    0:00.00 grep syslog

So, the logs are sent successfully. I just need to catch them, and I wonder how it could be done.
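Not from the thread, but as an added illustration of what the datagrams in the tcpdump output above carry: this Python script decodes the <PRI> header of a BSD (RFC 3164) syslog message (local0.notice is PRI 133) and evaluates it against an /etc/syslog.conf fragment to show which action such a message would match. The datagram text, hostname and conf lines are constructed samples, not the poster's configuration.

```python
import re
# RFC 3164 facility codes 0..23 (12-15 are reserved; placeholder names used here)
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "fac12", "fac13", "fac14", "fac15",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_pri(datagram):
    """Decode the <PRI> prefix of a BSD syslog datagram: PRI = facility*8 + severity."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a valid <PRI> prefix: %r" % datagram[:8])
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity], m.group(2)

def selector_matches(selector, facility, severity):
    """syslog.conf selector such as '*.notice;mail.none': a level means that severity or
    more urgent, later ';' parts override earlier ones ('=' / '!' modifiers not handled)."""
    matched = False
    for part in selector.split(";"):
        facs, level = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue           # this part says nothing about our facility
        if level == "none":
            matched = False
        else:
            matched = level == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(level)
    return matched

def destinations(conf_text, datagram):
    """Return every action (file, host, pipe) whose selector matches the datagram."""
    facility, severity, _ = parse_pri(datagram)
    dests = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!+-":   # comments and program/host blocks: skipped
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, severity):
            dests.append(action)
    return dests

# Constructed inputs (not the poster's): a local0.notice datagram, PRI 16*8+5 = 133,
# i.e. what tcpdump decodes as "local0.notice", and a syslog.conf fragment.
DATAGRAM = "<133>Aug 21 10:53:12 pbx asterisk[4242]: NOTICE[4242]: chan_sip.c: Peer 'ph1' is now Reachable"
SAMPLE_CONF = ("*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none\t/var/log/messages\n"
               "local0.*\t/var/log/asterisk.log\nmail.info\t/var/log/maillog\n")
```

Two checks worth making on the receiving OpenBSD box: OpenBSD's syslogd(8) accepts remote UDP messages only when started with -u (the ps output above shows no such flag), and the message's facility and level must match a selector in /etc/syslog.conf for it to be written anywhere.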