Never knowingly knowing narwhals

FreeBSD central syslog


I wanted to log everything from my servers and router to a single server to make it easier to keep up. Here are the steps I went through.

Edit syslog.conf

I'm using bonobo.local as my syslog server. Start by editing /etc/syslog.conf. Before the first line that isn't a comment (the first line that doesn't start with a #), insert a line containing +<servername>; for me that was +bonobo.local:


#$FreeBSD: src/etc/syslog.conf
+bonobo.local
*.err;kern.debug;auth.notice;mail.crit          /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
... <snip> ...
!ppp
*.*                                             /var/log/ppp.log

Then at the bottom of the file add a stanza for the client machine; for me this was hypnotoad.local:

!*
+hypnotoad.local
*.*                                             /var/log/hypnotoad.log

There are some funny characters in here that complicate matters.

!* resets the program filter. A few lines up, the default syslog.conf has the line !ppp, which tells the syslog daemon that all the following rules apply only to messages from ppp. Putting !* tells the syslog daemon that the rules which follow match messages from any program.

+hypnotoad.local tells the syslog daemon that the following rules apply to messages from the machine named.

*.* <tab> <filename> tells the syslog daemon to log anything from the aforementioned machine to the logfile 'filename'.

For security reasons the syslog daemon won't start appending (logging) to a file that DOESN'T exist when it starts, so you must create the files before restarting the syslog daemon (the path must match the one in syslog.conf):

sudo touch /var/log/hypnotoad.log

Edit /etc/rc.conf

Edit /etc/rc.conf and append the line

syslogd_flags=""

This looks odd. Why deliberately pass in empty flags? Because /etc/defaults/rc.conf has

syslogd_flags="-s"

The -s option stops syslog from listening for external logging messages. This caught me out the first time I tried to do this :-)

Now restart syslog

sudo /etc/rc.d/syslogd restart

You should see a few lines about syslog stopping and starting again.

Setting up the clients

On each client, make a backup of the original /etc/syslog.conf and edit the original so that it contains a single rule:

#$FreeBSD: src/etc/syslog.conf
*.*     @bonobo.local

replacing bonobo.local with the name / IP address of your logging server. Then restart syslogd on the client:

sudo /etc/rc.d/syslogd restart

Try out the logging with

logger "hello from my syslog client"

The message "hello from my syslog client" should appear in the syslog server's log file for the machine you are changing.
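The procedure above as an added shell example (not from the original post): POSIX sh functions that produce the server-side stanza and the client's forwarding line, create the log file, and check whether the rc.conf override actually removes -s. Every path is a parameter so the functions can be exercised on copies of the files rather than the live /etc; the hostnames are the post's own.

```shell
#!/bin/sh
# Added example, not from the post: helpers that generate and check the pieces of
# the central-syslog setup. Paths are parameters so the functions can be run
# against copies of the files; bonobo.local / hypnotoad.local are the post's hosts.

# Print the server-side stanza for one client: reset the program filter, select
# the client host, and send everything from it to its own log file.
client_stanza() {
    printf '!*\n+%s\n*.*\t%s\n' "$1" "$2"
}

# Append the stanza to a syslog.conf unless a +host line for it already exists.
# Returns 1 (and changes nothing) when the client is already configured.
add_client() {
    conf="$1"; client="$2"; logfile="$3"
    grep -q "^+${client}\$" "$conf" && return 1
    client_stanza "$client" "$logfile" >> "$conf"
}

# Print the one-line client configuration that forwards everything to the server.
client_conf() {
    printf '*.*\t@%s\n' "$1"
}

# syslogd refuses to log to a file that did not exist at startup, so create it.
# The file will receive auth messages from another host, so make it owner-only.
ensure_logfile() {
    [ -e "$1" ] || { touch "$1" && chmod 600 "$1"; }
}

# Value of syslogd_flags in one rc file (double-quoted form; last assignment wins).
flag_value() {
    sed -n 's/^syslogd_flags="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# rc(8) reads /etc/defaults/rc.conf first and lets /etc/rc.conf override it, so a
# syslogd_flags line in rc.conf wins even when it is empty; otherwise the default.
effective_syslogd_flags() {
    if grep -q '^syslogd_flags=' "$2"; then flag_value "$2"; else flag_value "$1"; fi
}

# Succeeds when syslogd will accept remote messages, i.e. no -s (or -ss) flag is
# in effect. Without -s it accepts UDP 514 from any host; syslogd(8)'s
# -a allowed_peer option is the way to limit that to the clients you expect.
accepts_remote() {
    for word in $(effective_syslogd_flags "$1" "$2"); do
        case "$word" in -*s*) return 1 ;; esac
    done
    return 0
}
```

Usage: `add_client /etc/syslog.conf hypnotoad.local /var/log/hypnotoad.log`, then `ensure_logfile /var/log/hypnotoad.log` and `accepts_remote /etc/defaults/rc.conf /etc/rc.conf` before restarting syslogd.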

1 Comment to FreeBSD central syslog

  1. January 2, 2007 at 6:53 pm

    Ooh get you and your leet logging setup! I’ve been meaning to do this for ages with a write-only dumb 486 as a logger (in case anyone ever actually breaks in and then tries to delete the logs…they can’t as they’re on a remote host with no other access). However, I plumped for the slightly-more-carbon-efficient installation of logcheck and an email of any suspicious log activity to my gmail account! :)

    Happy New (GNU?) Year fella :)
