hi all,

i think this is the right place for this ....

i've enabled REMOTE syslogging in OSX 10.3.4 by changing ~line_no:11 in /etc/rc from:

    /usr/sbin/syslogd -s -m 0 -u

to

    /usr/sbin/syslogd -m 0 -u

with this change, remote logging works fine. BUT, it leaves the syslog open to UDP traffic from ALL ips.

so in trying to limit logging access to ONLY specific IP, i note:

    usage: syslogd [-46Acdknosuv] [-a allowed_peer] [-b bind address]
                   [-f config_file] [-l log_socket] [-m mark_interval]
                   [-P pid_file] [-p log_socket]

PROBLEM #1: checking the apple manpage for syslogd, there's no mention of the "-a allowed_peer" flag. which MAY be cuz it's old/not updated:

    HISTORY
         The syslogd command appeared in 4.3BSD.

    4.2 Berkeley Distribution    June 6, 1993    4.2 Berkeley Distribution

so, jumping over to the FreeBSD manpages, i learn that:

    -a allowed_peer
         Allow allowed_peer to log to this syslogd using UDP datagrams.
         Multiple -a options may be specified.

         Allowed_peer can be any of the following:

         ipaddr/masklen[:service]
              Accept datagrams from ipaddr (in the usual dotted quad
              notation) with masklen bits being taken into account when
              doing the address comparison. ipaddr can be also IPv6
              address by enclosing the address with `[' and `]'. If
              specified, service is the name or number of an UDP service
              (see services(5)) the source packet must belong to. A
              service of `*' allows packets being sent from any UDP port.
              The default service is `syslog'. If ipaddr is IPv4 address,
              a missing masklen will be substituted by the historic class
              A or class B netmasks if ipaddr belongs into the address
              range of class A or B, respectively, or by 24 otherwise. If
              ipaddr is IPv6 address, a missing masklen will be
              substituted by 128.

         domainname[:service]
              Accept datagrams where the reverse address lookup yields
              domainname for the sender address. The meaning of service
              is as explained above.

         *domainname[:service]
              Same as before, except that any source host whose name ends
              in domainname will get permission.
         The -a options are ignored if the -s option is also specified.

seems to be exactly what i want/need.

if i specify a SINGLE, FIXED source_port, e.g.:

    /usr/sbin/syslogd -a 172.30.11.101/32:2048 -m 0 -u

remote logging WORKS.

however, since my remote box uses variable src ports, and there's no way to specify a fixed port, i need to use the "*" port wildcard.

unfortunately, PROBLEM #2: it chokes with "no match", not accepting the cmd/launch

    /usr/sbin/syslogd -a 172.30.11.101/32:* -m 0 -u
    su: /usr/sbin/syslogd: No match.

on a whim, escaping or quoting the * with either:

    /usr/sbin/syslogd -a 172.30.11.101/32:\* -m 0 -u

or

    /usr/sbin/syslogd -a 172.30.11.101/32:"*" -m 0 -u

gets the command accepted, and syslog launches, but it doesn't get any remote log entries.

returning to a specific port spec:

    /usr/sbin/syslogd -a 172.30.11.101/32:2048 -m 0 -u

and remote logging works again as expected, as long as the src port used remains (here) 2048

BOTTOM LINE:

(1) manpage for OSX's syslogd is out of sync with its available options
(2) the manpage implies that it's BSD's syslogd, but the BSD-specified "*" port wildcard is not supported.

is this known? is there a workaround?

richard