A Central Syslog Svr Setup-freebsd4.5

From: pat (hobo@speakeasy.net)
Date: 07/09/02


From: "pat" <hobo@speakeasy.net>
Date: Mon, 8 Jul 2002 20:25:34 -0400

Hi
I am hoping someone out there may want to give me a few pointers on how to set
up a syslog svr. I think I have most of it done but I think I am missing
something.

I have 2 boxes set up with FreeBSD. A gateway box FBSD 4.5 w/3 NICs and a
simple svr FBSD4.6 w/2 NICs of which only one is config'ed.

The 4.6 is my syslog server and 4.5 will be the client that sends its log to
the 4.6 svr.

I have uncommented the line to send the logs and stated the address in the
syslog.conf file. I have checked name resolution and all is fine.

On the 4.6 svr I have added to the rc.conf
syslogd_flag="-a[ip address of 4.5 box] -b[ip address of 4.6 connected to 4.5]"
Do I, by adding this flag to this file, cancel out the other 2 flag lines (i.e.
"-s" and "-ss") from /etc/default/rc.conf?

I have not altered the rc.conf file inside the defaults folder.

I have run netstat -an and I do see the UDP port, but it is not in LISTEN; that
field is blank.

I have run nmap -sU from the 4.5 box and found port 514 open on the 4.6 box.

I have tried to pass a message from 4.5 with logger

logger -h[ip address of 4.6] -s hello
and cannot find it in any of the logs on 4.6, nor is there any log info
from 4.5.

I have logged the interface on 4.5 connected to 4.6 in my ipf rule set and
see the logger message enter the wire.

Have I missed a setup somewhere?

Dazed and confused
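
The question above about whether a line in rc.conf cancels the flag lines in the defaults file can be checked mechanically. This is an added example, not part of the original post: it reads a defaults file and then a local rc.conf in that order and reports the resulting flags, plus any variable name the defaults file does not know. The variable name `syslogd_flags`, the `-s` default, the helper function names, the file contents and the 192.0.2.x addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example. File contents and 192.0.2.x addresses are constructed samples.

# Print syslogd_flags after reading the defaults file ($1) and then the local
# rc.conf ($2). Both are plain sh assignments, so a later assignment to the
# same name replaces the earlier value whole; flags are not merged.
effective_syslogd_flags() {
    (
        unset syslogd_flags
        . "$1"
        . "$2"
        printf '%s\n' "${syslogd_flags-}"
    )
}

# List variables assigned in rc.conf ($2) that the defaults file ($1) never
# mentions. Such a name is usually a typo and is ignored by the rc scripts.
unknown_rc_vars() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$2" |
    while read -r name; do
        grep -q "^[#[:space:]]*${name}=" "$1" || printf '%s\n' "$name"
    done
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Assumed stock default: remote logging disabled with -s.
cat > "$demo_dir/defaults" <<'EOF'
syslogd_enable="YES"
syslogd_flags="-s"
EOF
# Variable name as it is written in the post.
cat > "$demo_dir/rc.conf.as_posted" <<'EOF'
syslogd_flag="-a 192.0.2.1 -b 192.0.2.2"
EOF
# Same value under the name used in the defaults file.
cat > "$demo_dir/rc.conf.plural" <<'EOF'
syslogd_flags="-a 192.0.2.1 -b 192.0.2.2"
EOF

for rc in rc.conf.as_posted rc.conf.plural; do
    echo "$rc: flags='$(effective_syslogd_flags "$demo_dir/defaults" "$demo_dir/$rc")'" \
         "unknown='$(unknown_rc_vars "$demo_dir/defaults" "$demo_dir/$rc")'"
done
```

On a real host the two arguments would be the defaults file and /etc/rc.conf, and the running daemon's arguments can be compared against the printed value with `ps`.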
