Hello all.
I'm setting up log collection from Asterisk on FreeBSD (10.1.34.30) to an OpenBSD machine (10.145.13.22).
The remote part (Asterisk, FreeBSD) is already configured.
tcpdump (run on FreeBSD) shows that logs are sent from FreeBSD machine to OpenBSD:
Code:
10:53:12.752395 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
10:53:37.288066 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
10:54:09.596454 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
syslogd is also listening on OpenBSD machine:
Code:
# netstat -f inet -nla | grep 514
udp 0 0 *.514 *.*
PF rules are not changed; they remain unmodified:
Code:
# pfctl -sr
block drop all
pass all flags S/SA
block drop in on ! lo0 proto tcp from any to any port 6000:6010
The problem: where is the log stored?
There is no /var/log/syslog on OpenBSD. Creating it hasn't helped (the file remains empty).
'ps aux | grep syslog' shows two destinations, but they are also empty:
Code:
# ps aux | grep syslog
_syslogd 26787 0.0 0.0 428 732 ?? S 4:23PM 0:00.02 /usr/sbin/syslogd -a /var/www/dev/log -a /var/empty/dev/log
root 23392 0.0 0.0 420 756 ?? Is 4:23PM 0:00.00 syslogd: [priv] (syslogd)
root 31053 0.0 0.0 492 724 p0 S+ 5:02PM 0:00.00 grep syslog
So, the logs are sent successfully. I just need to catch them, and I wonder how it could be done.