From ler@lerctr.org Sat Oct 29 02:18:29 2011
Return-Path:
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
    by hub.freebsd.org (Postfix) with ESMTP id A7D67106566B
    for ; Sat, 29 Oct 2011 02:18:29 +0000 (UTC)
    (envelope-from ler@lerctr.org)
Received: from thebighonker.lerctr.org (lrosenman-1-pt.tunnel.tserv8.dal1.ipv6.he.net [IPv6:2001:470:1f0e:3ad::2])
    by mx1.freebsd.org (Postfix) with ESMTP id 39B768FC14
    for ; Sat, 29 Oct 2011 02:18:29 +0000 (UTC)
Received: from cpe-72-182-3-73.austin.res.rr.com ([72.182.3.73]:60607 helo=borg.lerctr.org)
    by thebighonker.lerctr.org with esmtpsa (TLSv1:AES256-SHA:256)
    (Exim 4.77 (FreeBSD))
    (envelope-from )
    id 1RJyV6-000MBA-9u
    for FreeBSD-gnats-submit@freebsd.org; Fri, 28 Oct 2011 21:18:28 -0500
Received: from ler by borg.lerctr.org with local (Exim 4.77 (FreeBSD))
    (envelope-from )
    id 1RJyV5-000ICn-NK
    for FreeBSD-gnats-submit@freebsd.org; Fri, 28 Oct 2011 21:18:23 -0500
Message-Id:
Date: Fri, 28 Oct 2011 21:18:23 -0500
From: Larry Rosenman
Reply-To: Larry Rosenman
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: remote syslog not logging
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number: 162135
>Category: bin
>Synopsis: remote syslog not logging
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: dougb
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Oct 29 02:20:06 UTC 2011
>Closed-Date: Sat Oct 29 02:39:36 UTC 2011
>Last-Modified: Sat Oct 29 11:17:32 UTC 2011
>Originator: Larry Rosenman
>Release: FreeBSD 10.0-CURRENT amd64
>Organization: LERCTR Consulting
>Environment:
System: FreeBSD borg.lerctr.org 10.0-CURRENT FreeBSD 10.0-CURRENT #5: Mon Oct 24 04:15:57 CDT 2011 root@borg.lerctr.org:/usr/obj/usr/src/sys/BORG-DTRACE amd64
>Description:
Why doesn't syslogd log these messages?
This is from my Cable Modem:

# tcpdump -vv -s 1500 host 192.168.200.10 and port 514
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 1500 bytes
21:14:21.915542 IP (tos 0x0, ttl 64, id 36817, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.bbn-mmx > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:21.916790 IP (tos 0x0, ttl 64, id 36818, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.sbook > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:21.917914 IP (tos 0x0, ttl 64, id 36819, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.editbench > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:22.665629 IP (tos 0x0, ttl 64, id 36820, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.equationbuilder > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:22.666755 IP (tos 0x0, ttl 64, id 36821, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.lotusnote > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:22.667880 IP (tos 0x0, ttl 64, id 36822, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.relief > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:23.428957 IP (tos 0x0, ttl 64, id 36823, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.rightbrain > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:21 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:23.430206 IP (tos 0x0, ttl 64, id 36824, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.intuitive-edge > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:21 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:23.431580 IP (tos 0x0, ttl 64, id 36825, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.cuillamartin > borg.syslog: [udp sum ok] SYSLOG, length: 148
    Facility local0 (16), Severity alert (1)
    Msg: Oct 29 02:14:21 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
^C
9 packets captured
72 packets received by filter
0 packets dropped by kernel

The syslog flags:
syslogd_flags="-n -a 192.168.200.10 -a 192.168.200.0/24"

And /etc/syslog.conf:

# $FreeBSD: src/etc/syslog.conf,v 1.30 2009/06/11 15:07:02 avg Exp $
#
# Spaces ARE valid field separators in this file. However,
# other *nix-like systems still insist on using tabs as field
# separators. If you are sharing this file between systems, you
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit;local0.alert                   /dev/console
*.info;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local0.*    /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
*.*                                             /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!ppp
*.*                                             /var/log/ppp.log
!*

Tail of /var/log/messages:

Oct 28 16:01:41 borg sshd[67672]: Accepted publickey for ler from 32.97.110.60 port 25947 ssh2
Oct 28 16:02:03 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/usr/bin/tail /var/log/all.log
Oct 28 16:02:10 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/all.log
Oct 28 16:02:24 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/usr/bin/grep 192.168.200 /var/log/all.log
Oct 28 16:05:00 borg /usr/sbin/cron[67703]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:10:00 borg /usr/sbin/cron[67730]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:10:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 65 to 64
Oct 28 16:10:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 194 Temperature_Celsius changed from 35 to 36
Oct 28 16:11:00 borg /usr/sbin/cron[67738]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:15:00 borg /usr/sbin/cron[67770]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:16:37 borg ntpd[1296]: synchronized to 199.4.29.166, stratum 2
Oct 28 16:20:00 borg /usr/sbin/cron[67797]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:22:00 borg /usr/sbin/cron[67809]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:25:00 borg /usr/sbin/cron[67836]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:30:00 borg /usr/sbin/cron[67863]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:33:00 borg /usr/sbin/cron[67880]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:35:00 borg /usr/sbin/cron[67902]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:40:00 borg /usr/sbin/cron[67929]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:44:00 borg /usr/sbin/cron[67952]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:45:00 borg /usr/sbin/cron[67969]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:50:00 borg /usr/sbin/cron[67996]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:55:00 borg /usr/sbin/cron[68025]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:55:00 borg /usr/sbin/cron[68024]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:00:00 borg /usr/sbin/cron[68064]: (root) CMD (newsyslog)
Oct 28 17:00:00 borg /usr/sbin/cron[68065]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:00:00 borg /usr/sbin/cron[68066]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:05:00 borg /usr/sbin/cron[68103]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:08:41 borg ntpd[1296]: synchronized to 63.211.239.58, stratum 2
Oct 28 17:10:00 borg /usr/sbin/cron[68130]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:10:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 63 to 62
Oct 28 17:10:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 194 Temperature_Celsius changed from 37 to 38
Oct 28 17:10:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 64 to 63
Oct 28 17:10:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 194 Temperature_Celsius changed from 36 to 37
Oct 28 17:11:00 borg /usr/sbin/cron[68138]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:15:00 borg /usr/sbin/cron[68170]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:20:00 borg /usr/sbin/cron[68197]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:22:00 borg /usr/sbin/cron[68209]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:25:00 borg /usr/sbin/cron[68236]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:30:00 borg /usr/sbin/cron[68263]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:33:00 borg /usr/sbin/cron[68280]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:35:00 borg /usr/sbin/cron[68302]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:40:00 borg /usr/sbin/cron[68329]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:40:30 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 62 to 63
Oct 28 17:40:30 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 194 Temperature_Celsius changed from 38 to 37
Oct 28 17:44:00 borg /usr/sbin/cron[68352]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:45:00 borg /usr/sbin/cron[68369]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:50:00 borg /usr/sbin/cron[68396]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:55:00 borg /usr/sbin/cron[68424]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:55:00 borg /usr/sbin/cron[68425]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:00:00 borg /usr/sbin/cron[68464]: (root) CMD (newsyslog)
Oct 28 18:00:00 borg /usr/sbin/cron[68465]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:00:00 borg /usr/sbin/cron[68466]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:05:00 borg /usr/sbin/cron[68503]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:10:00 borg /usr/sbin/cron[68530]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:11:00 borg /usr/sbin/cron[68538]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:15:00 borg /usr/sbin/cron[68570]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:20:00 borg /usr/sbin/cron[68597]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:22:00 borg /usr/sbin/cron[68609]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:25:00 borg /usr/sbin/cron[68636]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:30:00 borg /usr/sbin/cron[68663]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:33:00 borg /usr/sbin/cron[68680]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:35:00 borg /usr/sbin/cron[68702]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:40:00 borg /usr/sbin/cron[68729]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:40:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 63 to 64
Oct 28 18:40:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 194 Temperature_Celsius changed from 37 to 36
Oct 28 18:42:02 borg ntpd[1296]: synchronized to 199.4.29.166, stratum 2
Oct 28 18:44:00 borg /usr/sbin/cron[68752]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:45:00 borg /usr/sbin/cron[68769]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:45:49 borg sshd[68774]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:51 borg sshd[68776]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:52 borg sshd[68778]: Invalid user shit from 121.207.230.69
Oct 28 18:45:52 borg sshd[68778]: input_userauth_request: invalid user shit [preauth]
Oct 28 18:45:53 borg sshd[68778]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:55 borg sshd[68780]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:57 borg sshd[68783]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:59 borg sshd[68785]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:01 borg sshd[68787]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:03 borg sshd[68789]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:05 borg sshd[68791]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:07 borg sshd[68793]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:09 borg sshd[68795]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:11 borg sshd[68797]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:12 borg sshd[68799]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:14 borg sshd[68802]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:16 borg sshd[68805]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:18 borg sshd[68807]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:20 borg sshd[68809]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:22 borg sshd[68811]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:24 borg sshd[68813]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:26 borg sshd[68815]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:28 borg sshd[68817]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:30 borg sshd[68819]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:32 borg sshd[68821]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:34 borg sshd[68823]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:36 borg sshd[68826]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:38 borg sshd[68828]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:40 borg sshd[68830]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:42 borg sshd[68832]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:44 borg sshd[68835]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:44 borg sshd[68835]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:44 borg sshd[68835]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:46 borg sshd[68837]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:46 borg sshd[68837]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:46 borg sshd[68837]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:48 borg sshd[68839]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:48 borg sshd[68839]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:48 borg sshd[68839]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:50 borg sshd[68841]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:50 borg sshd[68841]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:50 borg sshd[68841]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:52 borg sshd[68843]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:52 borg sshd[68843]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:52 borg sshd[68843]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:54 borg sshd[68845]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:54 borg sshd[68845]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:54 borg sshd[68845]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:54 borg sshd[68847]: refused connect from 121.207.230.69 (121.207.230.69)
Oct 28 18:50:00 borg /usr/sbin/cron[68865]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:55:00 borg /usr/sbin/cron[68893]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:55:00 borg /usr/sbin/cron[68894]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:00:00 borg /usr/sbin/cron[68934]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:00:00 borg /usr/sbin/cron[68933]: (root) CMD (newsyslog)
Oct 28 19:00:00 borg /usr/sbin/cron[68935]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:05:00 borg /usr/sbin/cron[68972]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:10:00 borg /usr/sbin/cron[68999]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:10:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 64 to 65
Oct 28 19:10:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 194 Temperature_Celsius changed from 36 to 35
Oct 28 19:10:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 64 to 63
Oct 28 19:10:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 194 Temperature_Celsius changed from 36 to 37
Oct 28 19:11:00 borg /usr/sbin/cron[69007]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:15:00 borg /usr/sbin/cron[69039]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:20:00 borg /usr/sbin/cron[69066]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:22:00 borg /usr/sbin/cron[69078]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:25:00 borg /usr/sbin/cron[69105]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:30:00 borg /usr/sbin/cron[69132]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:33:00 borg /usr/sbin/cron[69149]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:35:00 borg /usr/sbin/cron[69171]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:40:00 borg /usr/sbin/cron[69198]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:40:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 65 to 64
Oct 28 19:40:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 194 Temperature_Celsius changed from 35 to 36
Oct 28 19:44:00 borg /usr/sbin/cron[69221]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:45:00 borg /usr/sbin/cron[69238]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:50:00 borg /usr/sbin/cron[69271]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:55:00 borg /usr/sbin/cron[69302]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:55:00 borg /usr/sbin/cron[69303]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:00:00 borg /usr/sbin/cron[69343]: (root) CMD (newsyslog)
Oct 28 20:00:00 borg /usr/sbin/cron[69342]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:00:00 borg /usr/sbin/cron[69344]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:05:00 borg /usr/sbin/cron[69381]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:08:37 borg kernel: arp: 192.168.200.10 moved from 2c:9e:5f:f8:d9:a3 to d8:b3:77:f1:b2:61 on em0
Oct 28 20:10:00 borg /usr/sbin/cron[69408]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:10:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 63 to 62
Oct 28 20:10:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 194 Temperature_Celsius changed from 37 to 38
Oct 28 20:11:00 borg /usr/sbin/cron[69416]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:12:25 borg kernel: arp: 192.168.200.10 moved from d8:b3:77:f1:b2:61 to 2c:9e:5f:f8:d9:a3 on em0
Oct 28 20:15:00 borg /usr/sbin/cron[69451]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:20:00 borg /usr/sbin/cron[69478]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:22:00 borg /usr/sbin/cron[69490]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:25:00 borg /usr/sbin/cron[69517]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:30:00 borg /usr/sbin/cron[69544]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:33:00 borg /usr/sbin/cron[69561]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:33:29 borg ntpd[1296]: synchronized to 63.211.239.58, stratum 2
Oct 28 20:33:35 borg sshd[69574]: Accepted publickey for ler from 192.168.200.103 port 51503 ssh2
Oct 28 20:33:39 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/bin/sh
Oct 28 20:35:00 borg /usr/sbin/cron[69593]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:40:00 borg /usr/sbin/cron[81187]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:40:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 62 to 63
Oct 28 20:44:00 borg /usr/sbin/cron[97243]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:45:00 borg /usr/sbin/cron[98575]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:50:00 borg /usr/sbin/cron[98602]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:55:00 borg /usr/sbin/cron[98640]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:55:00 borg /usr/sbin/cron[98641]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:55:37 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/bin/sh
Oct 28 21:00:00 borg /usr/sbin/cron[22210]: (root) CMD (newsyslog)
Oct 28 21:00:00 borg /usr/sbin/cron[22211]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 21:00:00 borg /usr/sbin/cron[22212]: (root) CMD (/usr/libexec/atrun)
Oct 28 21:05:00 borg /usr/sbin/cron[49378]: (root) CMD (/usr/libexec/atrun)
Oct 28 21:10:00 borg /usr/sbin/cron[66044]: (root) CMD (/usr/libexec/atrun)
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada2, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 63 to 64
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 62 to 63
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 194 Temperature_Celsius changed from 38 to 37
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 63 to 64
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 194 Temperature_Celsius changed from 37 to 36
Oct 28 21:11:00 borg /usr/sbin/cron[66745]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 21:11:54 borg postgres[1374]: [2-1] LOG: received fast shutdown request
Oct 28 21:11:54 borg postgres[1374]: [3-1] LOG: aborting any active transactions
Oct 28 21:11:54 borg postgres[1380]: [2-1] LOG: autovacuum launcher shutting down
Oct 28 21:11:54 borg postgres[1378]: [1-1] LOG: shutting down
Oct 28 21:11:54 borg postgres[1378]: [2-1] LOG: database system is shut down
Oct 28 21:11:55 borg postgres[69862]: [1-1] LOG: database system was shut down at 2011-10-28 21:11:54 CDT
Oct 28 21:11:55 borg postgres[69861]: [1-1] LOG: database system is ready to accept connections
Oct 28 21:11:55 borg postgres[69865]: [1-1] LOG: autovacuum launcher started
Oct 28 21:12:34 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/bin/sh
Oct 28 21:13:28 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/bin/sh
Oct 28 21:13:56 borg kernel: em0: promiscuous mode enabled
Oct 28 21:13:56 borg kernel: em0: promiscuous mode disabled
Oct 28 21:14:14 borg kernel: em0: promiscuous mode enabled
Oct 28 21:14:26 borg kernel: em0: promiscuous mode disabled
Oct 28 21:15:00 borg /usr/sbin/cron[69944]: (root) CMD (/usr/libexec/atrun)
Oct 28 21:16:12 borg ntpd[1296]: synchronized to 199.4.29.166, stratum 2

>How-To-Repeat:
Set up syslog as above, and enable remote logging, and note no logging
>Fix:
unknown
>Release-Note:
>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: dougb
State-Changed-When: Sat Oct 29 02:36:36 UTC 2011
State-Changed-Why:
This is something that needs to be reported on a mailing list first,
probably freebsd-questions@FreeBSD.org. If you don't get a resolution
there, then try freebsd-current@FreeBSD.org.

Meanwhile, make sure that syslogd on the receiving host has not been
started with any -s options.

hope this helps,

Doug

Responsible-Changed-From-To: freebsd-bugs->dougb
Responsible-Changed-By: dougb
Responsible-Changed-When: Sat Oct 29 02:36:36 UTC 2011
Responsible-Changed-Why:
I closed it.

http://www.freebsd.org/cgi/query-pr.cgi?pr=162135

From: Larry Rosenman
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org, dougb@FreeBSD.org
Cc:
Subject: Re: bin/162135: remote syslog not logging
Date: Fri, 28 Oct 2011 21:59:54 -0500 (CDT)

Since Doug Barton doesn't believe that the syslogd is running with the
options, here's a ps to show that it is:

root 65128 0.0 0.0 12216 1552 ?? Ss 10:02AM 0:01.17 /usr/sbin/syslogd -n -a 192.168.200.10 -a 192.168.200.0/24
ler 70268 0.0 0.0 14680 1608 0 S+ 9:58PM 0:00.00 sh -c ps auxw|grep syslogd
ler 70270 0.0 0.0 16460 1352 0 S+ 9:58PM 0:00.00 grep syslogd

And in answer to Doug's point that the -a options are redundant, I know
that but I did it as a debugging set.

I think this proves that there is a PROBLEM in the code, and the PR
should be reopened.

I object STRONGLY to the closure of this PR.

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 512-248-2683 E-Mail: ler@lerctr.org
US Mail: 430 Valona Loop, Round Rock, TX 78681-3893

From: Stanislav Sedov
To: Larry Rosenman
Cc: FreeBSD PR followup
Subject: Re: bin/162135: remote syslog not logging
Date: Fri, 28 Oct 2011 20:16:14 -0700

Hi!

I think there's a problem with your configuration. For syslogd server
to accept messages from the remote host you need to specify hosts you
allow to accept messages from via "-a" command line arguments:

% -a allowed_peer
% Allow allowed_peer to log to this syslogd using UDP datagrams.
% Multiple -a options may be specified.
%
% The allowed_peer option may be any of the following:
%
% ipaddr/masklen[:service] Accept datagrams from ipaddr (in the
%                          usual dotted quad notation) with
%                          masklen bits being taken into account
%                          when doing the address comparison.
%                          ipaddr can be also IPv6 address by
%                          enclosing the address with `[' and
%                          `]'. If specified, service is the
%                          name or number of an UDP service (see
%                          services(5)) the source packet must
%                          belong to. A service of `*' allows
%                          packets being sent from any UDP port.
%                          The default service is `syslog'. If
%                          ipaddr is IPv4 address, a missing
%                          masklen will be substituted by the
%                          historic class A or class B netmasks
%                          if ipaddr belongs into the address
%                          range of class A or B, respectively,
%                          or by 24 otherwise. If ipaddr is
%                          IPv6 address, a missing masklen will
%                          be substituted by 128.

Please, note, that here the default service is 'syslog', so syslogd
won't accept any packets coming from ports != syslogd unless the
service is specified. In your tcpdump output packets are coming from
the port 1349, and since you didn't specify the service in the syslogd
command line arguments these messages won't be accepted.

I'm not sure, but maybe running syslogd in debug mode will actually
show messages confirming this.

--
Stanislav Sedov
ST4096-RIPE

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

From: Larry Rosenman
To: Stanislav Sedov
Cc: FreeBSD PR followup
Subject: Re: bin/162135: remote syslog not logging
Date: Fri, 28 Oct 2011 22:20:27 -0500

See the options lines

-a 192.168.200.0/24

And the Cable modem is sending to 514. (See the tcpdump output)

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

From: Stanislav Sedov
To: Larry Rosenman
Cc: FreeBSD PR followup
Subject: Re: bin/162135: remote syslog not logging
Date: Fri, 28 Oct 2011 21:01:10 -0700

On Fri, 28 Oct 2011 22:20:27 -0500
Larry Rosenman mentioned:

> See the options lines
>
> -a 192.168.200.0/24
>
> And the Cable modem is sending to 514.
>

Please, read the manpage description for the '-a' switch.
The modem is sending to the port 514, it's true, but it's not
using port 514 as a source. And you didn't specify the source
service in the '-a' command line argument parameter.

--
Stanislav Sedov
ST4096-RIPE

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

From: Larry Rosenman
To: Stanislav Sedov
Cc: FreeBSD PR followup, freebsd-current@freebsd.org, kob6558@gmail.com
Subject: Re: bin/162135: remote syslog not logging
Date: Fri, 28 Oct 2011 23:08:05 -0500

On 10/28/2011 11:01 PM, Stanislav Sedov wrote:
> On Fri, 28 Oct 2011 22:20:27 -0500
> Larry Rosenman mentioned:
>
>> See the options lines
>>
>> -a 192.168.200.0/24
>>
>> And the Cable modem is sending to 514.
>>
> Please, read the manpage description for the '-a' switch.
> The modem is sending to the port 514, it's true, but it's not
> using port 514 as a source. And you didn't specify the source
> service in the '-a' command line argument parameter.
>
AHA! That's the issue.

I changed the -a to:
syslogd_flags="-n -a 192.168.200.0/24:*"

and we now get the messages logged.

THANK YOU.
>Unformatted:
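
The source-port rule that resolved this PR, as an added example (not part of the original thread and not syslogd's own code): a small Python model of the ipaddr/masklen[:service] matching described in the quoted man page text, run against the original and the corrected syslogd_flags. The function names, the service table and the sample datagrams are constructed for illustration; source port 1349 is the one cited in the thread.

```python
"""Model of the syslogd "-a allowed_peer" check for ipaddr/masklen[:service].

Added illustration; not syslogd source. Only the address form quoted in
the thread is handled, and service names come from a constructed table.
"""
import ipaddress
import shlex

SERVICES = {"syslog": 514}  # constructed table; 514/udp is "syslog"

ORIGINAL_FLAGS = "-n -a 192.168.200.10 -a 192.168.200.0/24"  # from the PR
FIXED_FLAGS = "-n -a 192.168.200.0/24:*"                     # from the last reply

# Constructed datagrams as (source address, source UDP port).
SAMPLE_DATAGRAMS = [
    ("192.168.200.10", 1349),  # the modem, ephemeral source port
    ("192.168.200.10", 514),   # same host, sending from the syslog port
    ("192.168.201.10", 1349),  # host outside the allowed /24
]


def resolve_service(service):
    """Return the required source port, or None when any port is allowed."""
    if service == "*":
        return None
    if service == "":
        service = "syslog"  # the documented default service
    if service.isdigit():
        return int(service)
    if service not in SERVICES:
        raise ValueError(f"unknown service name: {service!r}")
    return SERVICES[service]


def parse_allowed_peer(spec):
    """Turn one -a argument into (network, required_source_port)."""
    if spec.startswith("["):  # [v6addr]/masklen[:service]
        addr, _, rest = spec[1:].partition("]")
        mask_part, _, service = rest.partition(":")
        masklen = mask_part.lstrip("/")
        default_len = 128
    else:  # v4addr/masklen[:service]
        head, _, service = spec.partition(":")
        addr, _, masklen = head.partition("/")
        first_octet = int(addr.split(".")[0])
        # Missing masklen: historic class A (/8), class B (/16), else /24.
        default_len = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    network = ipaddress.ip_network(f"{addr}/{masklen or default_len}", strict=False)
    return network, resolve_service(service)


def peers_from_flags(flags):
    """Collect every "-a <peer>" pair from a syslogd_flags string."""
    argv = shlex.split(flags)
    return [parse_allowed_peer(argv[i + 1])
            for i, arg in enumerate(argv[:-1]) if arg == "-a"]


def matches_any_rule(peers, src_ip, src_port):
    """True when some -a rule covers both the source address and source port."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip.version == net.version and ip in net and port in (None, src_port)
               for net, port in peers)


def evaluate(flags, datagrams):
    """Return one accept/reject verdict per datagram for the given flags."""
    peers = peers_from_flags(flags)
    return [matches_any_rule(peers, ip, port) for ip, port in datagrams]


if __name__ == "__main__":
    for label, flags in (("original", ORIGINAL_FLAGS), ("fixed", FIXED_FLAGS)):
        print(f"{label}: syslogd_flags=\"{flags}\"")
        for (ip, port), ok in zip(SAMPLE_DATAGRAMS, evaluate(flags, SAMPLE_DATAGRAMS)):
            print(f"  {ip}:{port:<5} -> {'accepted' if ok else 'dropped'}")
```

Both -a rules in the original flags resolve to 192.168.200.0/24 with source port 514, which is why adding the second rule changed nothing.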