Message-Id: <201109291730.p8THU9p5008851@red.freebsd.org>
Date: Thu, 29 Sep 2011 17:30:09 GMT
From: Andrei Kolu <antik@bsd.ee>
To: freebsd-gnats-submit@FreeBSD.org
Subject: syslog does not accept remote host logs

>Number:         161129
>Category:       docs
>Synopsis:       syslog does not accept remote host logs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gjb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 29 17:40:07 UTC 2011
>Closed-Date:    Mon Oct 03 13:08:20 UTC 2011
>Last-Modified:  Mon Oct 03 13:08:20 UTC 2011
>Originator:     Andrei Kolu
>Release:        9-BETA2
>Organization:
Raidon Raalid O
>Environment:
FreeBSD drak 9.0-BETA2 FreeBSD 9.0-BETA2 #1: Mon Sep  5 00:23:25 EEST 2011     root@drak:/usr/obj/usr/src/sys/DRAK  amd64

>Description:
If I configure syslog for remote logging according to this manual:
http://www.freebsd.org/doc/handbook/network-syslogd.html

####hosts file
10.10.10.1 cisco1812 cisco1812.example.com

####rc.conf
syslogd_enable="YES"
syslogd_flags="-d -a 10.10.10.1 -v -v"

####syslog.conf
# Logging cisco
+cisco1812.example.com
*.* /var/log/cisco1812.example.com.log

then syslog would give me this error:

"validate: dgram from IP 10.10.10.1, port 54446, name cisco1812.example.com;
rejected in rule 0 due to port mismatch."


>How-To-Repeat:
####rc.conf
syslogd_enable="YES"
syslogd_flags="-d -a 10.10.10.1 -v -v"

####syslog.conf
# Logging cisco
+cisco1812.example.com
*.* /var/log/cisco1812.example.com.log

restart syslogd
>Fix:
####rc.conf
syslogd_enable="YES"
syslogd_flags="-a 10.10.10.1:* -v -v"

####syslog.conf
# Logging cisco
+cisco1812.example.com
*.* /var/log/cisco1812.example.com.log

restart syslogd

validate: dgram from IP 10.10.10.1, port 54446, name cisco1812.example.com;
accepted in rule 0.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: gjb 
State-Changed-When: Thu Sep 29 17:51:52 UTC 2011 
State-Changed-Why:  
Feedback requested. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=161129 

From: Glen Barber <gjb@FreeBSD.org>
To: Andrei Kolu <antik@bsd.ee>
Cc: bug-followup@FreeBSD.org
Subject: Re: docs/161129: syslog does not accept remote host logs
Date: Thu, 29 Sep 2011 13:51:33 -0400

 Hi,
 
 On 9/29/11 1:30 PM, Andrei Kolu wrote:
 >> Number:         161129
 >> Category:       docs
 >> Synopsis:       syslog does not accept remote host logs
 
 >> Description:
 > If I configure syslog for remote logging according to this manual:
 > http://www.freebsd.org/doc/handbook/network-syslogd.html
 > 
 > ####hosts file
 > 10.10.10.1 cisco1812 cisco1812.example.com
 > 
 > ####rc.conf
 > syslogd_enable="YES"
 > syslogd_flags="-d -a 10.10.10.1 -v -v"
 > 
 > ####syslog.conf
 > # Logging cisco
 > +cisco1812.example.com
 > *.* /var/log/cisco1812.example.com.log
 > 
 > then syslog would give me this error:
 > 
 > "validate: dgram from IP 10.10.10.1, port 54446, name cisco1812.example.com;
 > rejected in rule 0 due to port mismatch."
 
 According to syslogd(8):
 
 % Multiple -a options may be specified.
 % The allowed_peer option may be any of the following:
 % ipaddr/masklen[:service]    Accept datagrams from ipaddr (in the
 %                             usual dotted quad notation) with
 %                             masklen bits being taken into account
 %                             when doing the address comparison.
 %                             ipaddr can be also IPv6 address by
 %                             enclosing the address with [ and
 %                             ].  If specified, service is the
 %                             name or number of an UDP service (see
 %                             services(5)) the source packet must
 %                             belong to.  A service of * allows
 %                             packets being sent from any UDP port.
 %                             The default service is syslog.
 
 So, if ":*" or some other port is not specified, the default will be the
 syslog UDP port 514 (from /etc/services).  According to the above, your
 cisco device is using port 54446.  I suspect this will work with the
 following rc.conf entry:
 
  ####rc.conf
  syslogd_enable="YES"
  syslogd_flags="-d -a 10.10.10.1:54446 -v -v"
 
 Can you please try this, and let us know?
 
 Regards,
 
 Glen
 
 -- 
 Glen Barber | gjb@FreeBSD.org
 FreeBSD Documentation Project
Responsible-Changed-From-To: freebsd-doc->gjb 
Responsible-Changed-By: gjb 
Responsible-Changed-When: Thu Sep 29 20:15:26 UTC 2011 
Responsible-Changed-Why:  
I'll keep track of this, since I am the one that requested feedback. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=161129 

From: Andrei Kolu <antik@bsd.ee>
To: Glen Barber <gjb@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: docs/161129: syslog does not accept remote host logs
Date: Mon, 3 Oct 2011 10:51:46 +0300

 2011/9/29 Glen Barber <gjb@freebsd.org>
 
 > Hi,
 >
 > On 9/29/11 1:30 PM, Andrei Kolu wrote:
 > >> Number:         161129
 > >> Category:       docs
 > >> Synopsis:       syslog does not accept remote host logs
 >
 > >> Description:
 > > If I configure syslog for remote logging according to this manual:
 > > http://www.freebsd.org/doc/handbook/network-syslogd.html
 > >
 > > ####hosts file
 > > 10.10.10.1 cisco1812 cisco1812.example.com
 > >
 > > ####rc.conf
 > > syslogd_enable="YES"
 > > syslogd_flags="-d -a 10.10.10.1 -v -v"
 > >
 > > ####syslog.conf
 > > # Logging cisco
 > > +cisco1812.example.com
 > > *.* /var/log/cisco1812.example.com.log
 > >
 > > then syslog would give me this error:
 > >
 > > "validate: dgram from IP 10.10.10.1, port 54446, name cisco1812.example.com;
 > > rejected in rule 0 due to port mismatch."
 >
 > According to syslogd(8):
 >
 > % Multiple -a options may be specified.
 > % The allowed_peer option may be any of the following:
 > % ipaddr/masklen[:service]    Accept datagrams from ipaddr (in the
 > %                             usual dotted quad notation) with
 > %                             masklen bits being taken into account
 > %                             when doing the address comparison.
 > %                             ipaddr can be also IPv6 address by
 > %                             enclosing the address with ‘[’ and
 > %                             ‘]’.  If specified, service is the
 > %                             name or number of an UDP service (see
 > %                             services(5)) the source packet must
 > %                             belong to.  A service of ‘*’ allows
 > %                             packets being sent from any UDP port.
 > %                             The default service is ‘syslog’.
 >
 > So, if ":*" or some other port is not specified, the default will be the
 > syslog UDP port 514 (from /etc/services).  According to the above, your
 > cisco device is using port 54446.  I suspect this will work with the
 > following rc.conf entry:
 >
 >  ####rc.conf
 >  syslogd_enable="YES"
 >  syslogd_flags="-d -a 10.10.10.1:54446 -v -v"
 >
 > Can you please try this, and let us know?
 >
 >
 Hello!
 
 Yes, adding port number to syslog flags works. But after I upgraded IOS on
 Cisco router it changed port number also. I prefer ":*" way of configuration
 and in case of whole network logging only 10.10.10.0/24:* would work.
 
State-Changed-From-To: feedback->closed 
State-Changed-By: gjb 
State-Changed-When: Mon Oct 3 13:07:52 UTC 2011 
State-Changed-Why:  
Submitter notes syslogd(8) is working as documented. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=161129 
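
Added example (not part of the PR and not syslogd's own code): a small Python model of the -a allowed_peer check discussed above, run against constructed datagrams to show which senders each rule from the thread admits. It handles IPv4 and numeric services only; the function names and sample senders are hypothetical, and the classful default for a missing masklen is taken from syslogd(8), not from text quoted in this PR.

```python
import ipaddress

SYSLOG_PORT = 514  # "syslog" in /etc/services; the default service for -a

def parse_allowed_peer(spec):
    """Parse an IPv4 'ipaddr[/masklen][:service]' value into (network, port)."""
    addr, _, service = spec.partition(":")
    if service == "":
        port = SYSLOG_PORT        # nothing after the address: source port must be 514
    elif service == "*":
        port = None               # '*' accepts any UDP source port
    else:
        port = int(service)       # numeric services only in this model
    if "/" not in addr:
        # Missing masklen: syslogd(8) documents a classful default (assumption
        # taken from the man page, not quoted in this PR).
        first = int(addr.split(".")[0])
        addr += "/8" if first < 128 else "/16" if first < 192 else "/24"
    return ipaddress.ip_network(addr, strict=False), port

def validate(specs, src_ip, src_port):
    """Return (accepted, trace); a datagram passes if any rule accepts it."""
    trace = []
    for i, spec in enumerate(specs):
        net, port = parse_allowed_peer(spec)
        if port is not None and port != src_port:
            trace.append(f"rejected in rule {i} due to port mismatch")
        elif ipaddress.ip_address(src_ip) not in net:
            trace.append(f"rejected in rule {i}: address mismatch")  # model's wording
        else:
            trace.append(f"accepted in rule {i}")
            return True, trace
    return False, trace

# Constructed senders: the router's ephemeral port from the PR, a sender using
# source port 514, and a neighbouring host that was never meant to log here.
SENDERS = {"router": ("10.10.10.1", 54446), "relay514": ("10.10.10.1", 514),
           "neighbour": ("10.10.10.77", 40000)}

def audit(specs):
    """Map each sample sender to whether the given -a list admits it."""
    return {name: validate(specs, ip, port)[0] for name, (ip, port) in SENDERS.items()}

if __name__ == "__main__":
    for specs in (["10.10.10.1"], ["10.10.10.1:54446"], ["10.10.10.1:*"],
                  ["10.10.10.1/32:*"], ["10.10.10.0/24:*"]):
        print(specs, audit(specs))
```

Under that classful default, 10.10.10.1:* matches all of 10.0.0.0/8 on any source port, so writing the masklen explicitly (/32 for one host, or the /24 the submitter mentions) states the intended scope.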
>Unformatted:
