Discussion:
Syslog to log remote nodes
(too old to reply)
Erik Norgaard
2010-04-10 16:54:10 UTC
Permalink
Hi:

I want my syslog to log remote nodes, in particular my access point and
router, which authenticates users against my freeradius server.

In /etc/rc.conf I've got:
syslogd_flags="-C -a 192.168.0.0/23 -a 172.16.0.0/23 -vv"

In /etc/syslog.conf I've got first the entries for the system, no
networked clients specified,

...
local0.* /var/log/radius.log
...
# Remote systems
+172.16.0.0/23
*.info /var/log/wlan.log
+192.168.0.254
*.info /var/log/router.log

Surprise, I've got my access point logs in the radius log file, not in
the wlan.log,

snip radius.log:

Apr 10 17:54:15 <local0.notice> ap airport 80211: Rotated TKIP group key.
Apr 10 18:02:19 <local0.notice> ap airport ntp: Clock synchronized to
network time server ntp.locolomo.org (adjusted -1 seconds).
Apr 10 18:43:11 <local0.info> alpha radiusd[79800]: Loaded virtual
server inner-tunnel
Apr 10 18:43:11 <local0.info> alpha radiusd[79800]: Loaded virtual
server <default>

The "ap" is the access point.

I haven't got anything in router.log and can't really figure where it
has ended up.

What's wrong with my syslog.conf?

Thanks, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
Peter Boosten
2010-04-10 17:42:27 UTC
Permalink
Post by Erik Norgaard
I want my syslog to log remote nodes, in particular my access point and
router, which authenticates users against my freeradius server.
syslogd_flags="-C -a 192.168.0.0/23 -a 172.16.0.0/23 -vv"
In /etc/syslog.conf I've got first the entries for the system, no
networked clients specified,
...
local0.* /var/log/radius.log
...
# Remote systems
+172.16.0.0/23
*.info /var/log/wlan.log
+192.168.0.254
*.info /var/log/router.log
Surprise, I've got my access point logs in the radius log file, not in
the wlan.log,
Apr 10 17:54:15 <local0.notice> ap airport 80211: Rotated TKIP group key.
Apr 10 18:02:19 <local0.notice> ap airport ntp: Clock synchronized to
network time server ntp.locolomo.org (adjusted -1 seconds).
Apr 10 18:43:11 <local0.info> alpha radiusd[79800]: Loaded virtual
server inner-tunnel
Apr 10 18:43:11 <local0.info> alpha radiusd[79800]: Loaded virtual
server <default>
The "ap" is the access point.
I haven't got anything in router.log and can't really figure where it
has ended up.
What's wrong with my syslog.conf?
I tried once the same setup, but never got it working.
I ended up switching to syslog-ng (I know, probably not the answer
you're looking for, but with syslog-ng you can configure the way you
want it to be).

Peter
--
http://www.boosten.org
Loading...