DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 18th July 2011
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Thanked 0 Times in 0 Posts
Question Send Syslogd To External Host

Hello,

I am having trouble getting my syslogd to forward syslogs to an external host. I'm running OpenBSd 4.8.

I've tried uncommenting the already provided fields and pointing to @ip (where ip is the actual IP address.)

I have also tried *.* @ip

Running 'TCP dump port 514' I see nothing.

In pf I have:

Code:
pass out quick on $ext_if inet proto udp from any to any port 514 keep state
running tcp dump -i pflog0; I also see nothing of interest.

I am able to ping the remote host and other devices are able to send to it.

Perhaps I have missed something?


Thanks!
Reply With Quote
  #2   (View Single Post)  
Old 18th July 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,710
Thanked 214 Times in 189 Posts
Default

You won't see anything in pflog(4) for that rule, since you don't log its matches. Only matching rules that have "log" explicitly stated will use the pflog facility. Add "log" to that rule if you want to see if it has any matching packets.

Are you running syslogd with the -u option on the receiving host? This is required.
Reply With Quote
  #3   (View Single Post)  
Old 18th July 2011
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Thanked 0 Times in 0 Posts
Default

Thanks for the reply. I was running tcpdump on pflog0 more for anything being denied which does have the log rule set; sorry should have mentioned that. I added log onto the rule posted above but still do not see anything.

The receiving host is a Kiwi Syslog Server (Windows) which does receieve syslogs from other hosts.

Is there anything I can do to verify that syslogs are being sent? Does it matter if I have multiple rules for the same syslog? I'm also logging to file for example.

I should see them being sent regardless if they make it to the log-host or not right?

Any thoughts or troubleshooting steps would be greatly appreciated.

Thanks!
Reply With Quote
Reply

Tags
syslogd

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
send mails with postfix wesley OpenBSD Packages and Ports 1 18th August 2010 07:34 PM
Freebsd 7.1-STABLE and dd-wrt v24 syslogd da1 FreeBSD General 9 16th March 2009 05:15 PM
Silencing gconfd spam in syslogd... BSDfan666 Guides 0 12th December 2008 10:01 PM
send files to email milo974 OpenBSD General 7 1st September 2008 02:03 PM
Send email to all local users cajunman4life FreeBSD General 8 15th June 2008 10:52 AM


All times are GMT. The time now is 12:00 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick