I'm trying to send logs from a jail to the host system on FreeBSD 10.
I think everything is set up correctly but I can't get it working.
Sending logs directly from Nginx 1.7 works but not sending logs via syslog (e.g. PHP-FPM).
This is my host's /etc/rc.conf:
syslogd_flags="-a 10.0.0.1/24:* -v -v -C"
My host's etc/syslog.conf:
+ABCD
*.=info /var/log/jails/ABCD/nginx-access.log
*.=error /var/log/jails/ABCD/nginx-error.log
*.* /var/log/jails/ABCD/all.log
This is the jail's etc/rc.conf:
syslogd_flags="-ss -v -v"
And the jail's etc/syslog.conf:
!php-fpm
*.* @127.0.0.1
etc/hosts is set up in both systems.
Sending logs manually directly to the host with logger works.
Using the debugging function I can see that the jail is forwarding logs that I create manually with logger -t php-fpm:
Logging to FORW 127.0.0.1
But the logs never arrive on the host. The debugger there doesn't receive any message. Doing the same with Nginx's built-in syslog function works.
I already tried setting syslogd_flags="-s -v -v". I then can't send any logs manually any more and the situation doesn't change.
Best Answer
As @citrin mentions, the -ss flag is not what you want.
The following works for me, on FreeBSD 12.1, with no vnet virtualization configured.
192.168.1.1 is the IP of the host.
192.168.1.68 is the IP of the jail.
Make sure the host and the jail can ping each other.
Make sure you have no firewall rules blocking UDP port 514 between the host and the jail.
In the jail:
On the host:
If that still doesn't work for you, there are some good troubleshooting suggestions in the FreeBSD Handbook page on syslogd. The most notable is the use of the -d switch on the host side:
That generates a lot of output, so read through it carefully.
Finally, remote syslogging is sometimes a bit fiddly, for reasons perhaps a more senior admin can add in comments. I have the best success when I do not reference /etc/hosts entries in the syslogd_flags string. Using literal IP numbers works better for me. That might be due to not using a legit fully-qualified domain name and/or a real DNS name. As time permits, I will explore those possibilities and update this answer.
Update:
After setting up some test DNS entries and trying various configurations, I think that whatever difficulties I had earlier were due to either hurried work and/or inconsistent attention to detail. Once I have a solid /etc/syslog.conf framework on both jail and host, along with syslog-friendly firewall entries, it appears that my jail-to-host remote logging works using either proper DNS names, /etc/hosts entries, or raw IP numbers.
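An added example, not part of the original question or answer: a POSIX sh check of the jail-side settings discussed above. It flags -s given twice in syslogd_flags while syslog.conf forwards to a remote host (syslogd then opens no network socket at all), and a forwarding target on loopback, which inside a jail is the jail itself rather than the host. The function names are hypothetical and the sample input is constructed from the values in the question.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.
# secure_level: count how often -s is given ("-ss" and "-s -s" both give 2).
# Subshell body with globbing off, so "-a 10.0.0.1/24:*" is not expanded.
secure_level() (
    set -f
    n=0 skip=0
    for tok in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $tok in
            -[abflmOpPS]) skip=1 ;;            # next token is this option's argument
            -*) rest=${tok#-}
                while [ -n "$rest" ]; do
                    c=${rest%"${rest#?}"}; rest=${rest#?}
                    case $c in
                        s) n=$((n + 1)) ;;
                        [abflmOpPS]) break ;;  # remainder is an option argument
                    esac
                done ;;
        esac
    done
    echo "$n"
)

# Print the destination of every "@host" forwarding action in a syslog.conf.
forward_targets() {
    awk '!/^[#!+-]/ && NF >= 2 && $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

# Print one FAIL line per problem, or OK. Args: syslogd_flags string, syslog.conf path.
lint_jail_forwarding() {
    found=0
    targets=$(forward_targets "$2")
    if [ -n "$targets" ] && [ "$(secure_level "$1")" -ge 2 ]; then
        echo "FAIL: -s given twice: no network socket is opened, forwarding is off"; found=1
    fi
    for t in $targets; do
        case $t in
            127.*|localhost)
                echo "FAIL: @$t is the jail's own loopback, not the host"; found=1 ;;
        esac
    done
    if [ "$found" -eq 0 ]; then echo "OK"; fi
}

# Constructed sample: the jail settings from the question.
sample=$(mktemp)
printf '!php-fpm\n*.*\t@127.0.0.1\n' > "$sample"
lint_jail_forwarding "-ss -v -v" "$sample"
rm -f "$sample"
```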