Wednesday, 18 June 2014

Gotchas setting up FreeBSD as a remote syslog server

I needed to migrate an OpenBSD remote syslog server to a VM. As FreeBSD is better supported under VMware, I switched to it.

The configuration is well documented in section 12.7.3 of the online manual, but I hit a couple of gotchas, which I'll share to save you work.

The procedure in 12.7.3.1 asks you to add a couple of lines to /etc/syslog.conf for each client. This is only necessary if you want a separate log file for that client. Otherwise, received messages are distributed to the default log files as configured. By the way, I could not find a way to specify a wildcard for the client.

You also need to edit /etc/rc.conf and specify syslogd_flags. Here you can use a hostname, netblock or domain (see man syslogd). But there is one gotcha: by default, FreeBSD syslogd only accepts messages whose source port on the client is 514. This may not always be the case. The symptom is that tcpdump shows the messages arriving on the server, but syslogd ignores them. To allow any source port, append a colon and an asterisk to the host or netblock specification.

syslogd_flags="-a 10.10.10.0/24:* -v -v"
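
The source-port gotcha above, modelled as an added example (not code from this post or from FreeBSD): it parses the -a specs in a syslogd_flags string and reports whether a datagram from a given source address and port would pass the filter. It assumes IPv4 specs with an explicit mask length and a numeric port or `*`; hostname and domain specs are not handled, and the sample packets are constructed.

```python
import ipaddress
import shlex

SYSLOG_PORT = 514  # source port required when an -a spec names no service


def parse_allowed_peers(syslogd_flags):
    """Return [(network, port)] for each -a spec; port None means any source port."""
    peers = []
    args = shlex.split(syslogd_flags)
    for flag, spec in zip(args, args[1:]):
        if flag != "-a":
            continue
        addr, _, service = spec.partition(":")
        if "/" not in addr:
            raise ValueError("this sketch needs an explicit mask length: " + spec)
        if service == "*":
            port = None            # ":*" disables the source-port check
        elif service == "":
            port = SYSLOG_PORT     # no service given: only port 514 is accepted
        else:
            port = int(service)    # numeric service only (assumption of this sketch)
        peers.append((ipaddress.ip_network(addr, strict=False), port))
    return peers


def is_accepted(syslogd_flags, src_ip, src_port):
    """True if a datagram from src_ip:src_port matches at least one -a spec."""
    ip = ipaddress.ip_address(src_ip)
    return any(
        ip in network and (port is None or port == src_port)
        for network, port in parse_allowed_peers(syslogd_flags)
    )


if __name__ == "__main__":
    strict = "-a 10.10.10.0/24 -v -v"     # without the asterisk
    relaxed = "-a 10.10.10.0/24:* -v -v"  # the setting used in this post
    # Constructed sample datagrams: (source address, source port)
    samples = [("10.10.10.7", 514), ("10.10.10.7", 51234), ("192.168.1.5", 514)]
    for ip, port in samples:
        print(ip, port,
              "strict:", is_accepted(strict, ip, port),
              "relaxed:", is_accepted(relaxed, ip, port))
```

Since `:*` removes the source-port check for every host inside the netblock, keep that netblock as narrow as your clients allow.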

To install open-vm-tools, simply run pkg install open-vm-tools. It will pull in a lot of dependencies, though.
