Problem: Trying to isolate the issue preventing one of our BlueSocket routers from logging to a FreeBSD syslog box. The one that is not logging has identical logging settings to the other but is on a DMZ segment, so I believe it is either a firewall issue or a bug with the BlueSocket (different firmware version) at this point. Nonetheless, I am submitting my syslog settings to eliminate that possibility.

Here's the pertinent part of my syslog.conf:

```
*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *

!ppp
*.*                                             /var/log/ppp.log
!*
+bluesocketWPL
local1.*                                        /var/log/bluesocketWPL.log
+bluesocketML
local0.*                                        /var/log/bluesocketML.log
```

bluesocketML logs just fine regardless of position in file or interface set.

I've looked at the man pages and docs for syslog... this looks right to me. This seems all the more obvious as the order of the entries makes no change in result.

Thanks for any thoughts you may have... in advance.

Bubnoff

PS: Checked perms on files in question. Identical.

** UPDATE **

As per Chris' tip I ran a tcpdump for the hosts in question, looking for syslog traffic.

```
tcpdump -i bge0 host bluesocketML or host bluesocketWPL and port syslog
```

One WAP comes in loud and clear... the other, nothing. I can ping it... it can ping me. Thinking that it must be a firewall issue on the device or on our firewall. We are connected by VPN in both cases. VPN policies seem whorish enough to me, but that seems like the next place to look.

Bubnoff
  • Does a `tcpdump ip host [1.2.3.4] and port syslog` (replace with IP of the WAP) show any syslog traffic from the WAP? – Chris S Dec 03 '10 at 00:05
  • Shows from bluesocketML but not bluesocketWPL. Thanks ...great tip. But still at the drawing board ... – Bubnoff Dec 03 '10 at 01:06
  • Definitely time to check any firewalls in between and double check the configuration on the WAP (might also try updating the firmware if that isn't an overly complicated process). – Chris S Dec 03 '10 at 01:31
  • We'll be updating the firmware tomorrow. We've gone over the firewalls fairly exhaustively. The settings seem the same but what I might do is download the configs, run a 'diff' on them and grep for the log settings. – Bubnoff Dec 03 '10 at 02:07
  • @Bubnoff - Did you ever find a resolution for this? It sounds like the issue is on your BlueSocket device - did the firmware upgrade help? – voretaq7 Dec 07 '11 at 20:55
  • @voretaq7 - Yes, it was a firewall rule at that branch + a reboot that seemed to get everything going. – Bubnoff Dec 10 '11 at 19:34

1 Answer

A firewall rule at that branch + a reboot fixed the issue.

Bubnoff
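An added example, not part of the original question or answer: a small triage helper that takes syslog datagrams seen on the collector and reports, for each `+host` block in the syslog.conf above, whether nothing arrived (look at the network path or firewall, as turned out to be the case here) or traffic arrived with a facility the block's selector would not match. The function names, the status strings and the sample payloads are constructed for illustration, and sender names are assumed to be already resolved on the collector.

```python
import re

# Host blocks and facility selectors taken from the syslog.conf in the question.
EXPECTED = {"bluesocketWPL": "local1", "bluesocketML": "local0"}

PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_pri(payload):
    """Return (facility, severity) from the <PRI> prefix, or None if malformed."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    code = pri >> 3                      # facility = PRI // 8, severity = PRI % 8
    facility = f"local{code - 16}" if code >= 16 else f"facility{code}"
    return facility, SEVERITIES[pri & 7]


def diagnose(datagrams, expected=EXPECTED):
    """Map each expected host to 'ok', 'facility-mismatch' or 'no-traffic'."""
    seen = {}
    for sender, payload in datagrams:
        facilities = seen.setdefault(sender, set())
        decoded = decode_pri(payload)
        if decoded:
            facilities.add(decoded[0])
    result = {}
    for host, facility in expected.items():
        if host not in seen:
            result[host] = "no-traffic"          # nothing reached the collector
        elif facility in seen[host]:
            result[host] = "ok"
        else:
            result[host] = "facility-mismatch"   # arrives, selector will not match
    return result


# Constructed sample: (sender name as resolved on the collector, UDP payload).
SAMPLE = [
    ("bluesocketML", b"<134>Dec  3 00:10:01 bluesocketML ap: constructed message"),
    ("bluesocketML", b"<133>Dec  3 00:10:05 bluesocketML ap: constructed message"),
]

if __name__ == "__main__":
    for host, status in diagnose(SAMPLE).items():
        print(f"{host}: {status}")
```

A `no-traffic` result for a host that answers ping points away from syslog.conf and toward filtering of UDP syslog between the device and the collector.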