# Syslog server in jail



## gregober (Jan 30, 2012)

I am trying to set up a syslog server inside a jail. I have properly configured the jail and it is up and running. Sysctl parameters are as follows: 


```
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 0
security.jail.set_hostname_allowed: 0
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0
```

I have disabled binding on the host environment in /etc/rc.conf:

```
syslogd_flags="-ss"
```

But I still can't get the messages in the jail host. Nothing is logged in the file it is supposed to log from my remote firewall.

Any idea?


----------



## anomie (Jan 30, 2012)

Are the UDP packets making it to your jail IP at all? 

You can observe with tcpdump(1).


----------



## PeWiWa (Jan 30, 2012)

Maybe your jail is too "small". I had the same problem with my jail when some system-binaries and directories were missing. I added more binaries until a /etc/rc could run, and suddenly syslogd was working.

A jailstart with /etc/rc also creates some more directories in /var, so maybe syslogd needs this. I did not invest more time to get it out, but perhaps it helps


----------



## gregober (Jan 30, 2012)

Thanks for your answer. 

Turns out It was a problem with the IP address authorized for the syslog. 
I found that adding the "-d" to the startup syslogd parameter in rc.conf debug was very straightforward. 

Should have started by activating the debug in the first place. 

Thanks.


----------

