Collecting logs from remote machine
Hello all.
I'm setting up collecting logs from Asterisk on FreeBSD (10.1.34.30) to an OpenBSD machine (10.145.13.22). The remote part (Asterisk, FreeBSD) is already configured. tcpdump (run on FreeBSD) shows that logs are sent from the FreeBSD machine to OpenBSD:
Code:
    10:53:12.752395 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
    10:53:37.288066 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
    10:54:09.596454 IP 10.1.34.30.514 > 10.145.13.22.514: SYSLOG local0.notice, length: 144
Code:
    # netstat -f inet -nla | grep 514
    udp 0 0 *.514 *.*
Code:
    # pfctl -sr
    block drop all
    pass all flags S/SA
    block drop in on ! lo0 proto tcp from any to any port 6000:6010
The problem: where is the log stored? There is no /var/log/syslog on OpenBSD. Creating it hasn't helped (the file remains empty). 'ps aux | grep syslog' shows two destinations, but they are also empty:
Code:
    # ps aux | grep syslog
    _syslogd 26787 0.0 0.0 428 732 ?? S 4:23PM 0:00.02 /usr/sbin/syslogd -a /var/www/dev/log -a /var/empty/dev/log
    root 23392 0.0 0.0 420 756 ?? Is 4:23PM 0:00.00 syslogd: [priv] (syslogd)
    root 31053 0.0 0.0 492 724 p0 S+ 5:02PM 0:00.00 grep syslog
So, the logs are sent successfully. I just need to catch them. And I wonder how it could be done.
From the man page syslogd(8):
Code:
    -u      Select the historical ``insecure'' mode, in which syslogd will
            accept input from the UDP port. Some software wants this, but
            you can be subjected to a variety of attacks over the network,
            including attackers remotely filling logs.
Code:
    syslogd opens an Internet domain socket as specified in /etc/services.
    Normally syslogd will only use this socket to send messages outwards,
    but in ``insecure'' mode it will also read messages from this socket....
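As an added example (not from this thread or from OpenBSD's syslogd), this is the receiving-side filtering a loghost that turns on -u has to do for itself: decode the RFC 3164 PRI of each UDP datagram, accept only listed senders, and cap messages per sender so one remote host cannot fill the logs. The sender address, the per-sender budget and the sample Asterisk message are constructed for the demo.

```python
import re
from collections import defaultdict

# Constructed example (not from the thread): RFC 3164 PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode(datagram):
    """Return (facility, severity, text), or None if the PRI header is malformed."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    fac, sev = divmod(pri, 8)
    return FACILITIES[fac], SEVERITIES[sev], datagram[m.end():].decode("utf-8", "replace")

class Receiver:
    """Accept datagrams only from known senders and cap messages per sender per
    interval, so one remote host cannot fill the logs (the attack syslogd(8) warns of)."""
    def __init__(self, allowed_sources, max_per_source):
        self.allowed = set(allowed_sources)
        self.max_per_source = max_per_source
        self.counts = defaultdict(int)  # caller clears this at each rate-limit interval
        self.accepted = []

    def handle(self, src_ip, datagram):
        """Return a verdict string; accepted messages are appended to self.accepted."""
        if src_ip not in self.allowed:
            return "drop:source"
        parsed = decode(datagram)
        if parsed is None:
            return "drop:malformed"
        self.counts[src_ip] += 1
        if self.counts[src_ip] > self.max_per_source:
            return "drop:ratelimit"
        self.accepted.append((src_ip,) + parsed)
        return "accept"

if __name__ == "__main__":
    r = Receiver(allowed_sources=["10.1.34.30"], max_per_source=2)
    # <133> = local0 (16) * 8 + notice (5), the priority seen in the tcpdump output above
    msg = b"<133>Jan  1 10:53:12 pbx asterisk[1234]: NOTICE constructed sample"
    for src, dgram in [("10.1.34.30", msg), ("192.0.2.10", msg),
                       ("10.1.34.30", b"no PRI header"), ("10.1.34.30", msg), ("10.1.34.30", msg)]:
        print(src, r.handle(src, dgram))
```

On a real loghost the source restriction belongs in pf alongside syslogd -u; this script only shows the decision logic over constructed datagrams.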
Yes, I saw this option, but haven't used it, because syslog was already listening on UDP (as we see from 'netstat -f inet -nla').
On the other hand, 'ps aux | grep sysl' shows that the '-u' option is not used. Thank you, jggimi! I will try right now.
Well, now the remote log is stored in /var/log/messages
Thank you for the advice, friend.