bin/58558: syslog.conf(5) man page example does not work.

[xover2391%hush.com@localhost]

>Number:         58558
>Category:       bin
>Synopsis:       syslog.conf(5) man page example does not work.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 07 05:35:00 +0000 2024
>Originator:     Archie
>Release:        10.0
>Organization:
>Environment:
NetBSD  10.0 NetBSD 10.0 (GENERIC) #0: Thu Mar 28 08:33:33 UTC 2024  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
I have been trying to get syslogd to save messages sent to it from a remote device, to a separate file. I created the following thread in the netbsd-sers mailing list to ask for assistance:

https://mail-index.netbsd.org/netbsd-users/2024/07/24/msg031511.html

Some suggestions were provided, but did not resolve the issue. I then tried to use an example from the EXAMPLES section of the syslog.conf(5) man page, which did not work as expected. I documented what I did in the following post of the same thread:

https://mail-index.netbsd.org/netbsd-users/2024/07/31/msg031578.html

Here is a copy of the text in that post:

**********************************************************************
I decided to try one of the examples given near the end of the syslog.conf(5) man page. I removed the alterations I had made to the /etc/syslog.conf file, and appended the following example instead:

# Save non-local log messages from all programs to a separate file.
!*
-@
*.*                                     /var/log/foreign

I then created the /var/log/foreign file with:

touch /var/log/foreign

Lastly, I rebooted the NetBSD server and logged in.

The /var/log/messages file contained the usual stuff, but also the messages from the remote device (192.168.1.200) which I was not expecting.

The /var/log/foreign file contained everything logged in /var/log/messages, /var/log/maillog, /var/log/authlog, and the messages from the remote device (192.168.1.200). Definitely wasn't expecting that.

So, unless I'm doing something very wrong, something with the syslog system doesn't seem to be working as it should.
**********************************************************************

The problem I was originally trying to solve (having the syslog messages from a remote device written to a separate file) and the problem with the example from the EXAMPLES section of the syslog.conf(5) man page might be interconnected. Solving one might solve the other.
>How-To-Repeat:
- Configure a device to send syslog messages to the IP address of the NetBSD server (192.168.1.100). In my case it was a HP network/ethernet switch with the latest available firmware.

- Perform a fresh install of NetBSD 10/amd64.

- Append the following line to rc.conf:

syslogd_flags="-n -S -T -v -v"

- Create a suitable /etc/ifconfig.<if> file on the NetBSD server. In my case it was ifconfig.re0 and its contents were:

inet 192.168.1.100 netmask 0xffffff00 tso4 ip4csum udp4csum tcp4csum

- Append the following (taken from the EXAMPLES section of the syslog.conf(5) man page) to the /etc/syslog.conf file:

# Save non-local log messages from all programs to a separate file.
!*
-@
*.*                                     /var/log/foreign

- Create the required file manually (in case syslogd wouldn't)

# touch /var/log/foreign

- Reboot the NetBSD server.

- Login and inspect the recently written /var/log files.
- /var/log/messages contains syslog messages from the remote device, which it shouldn't have.
- /var/log/foreign contains syslog messages from the remote device, but it also contains everything logged in /var/log/messages, /var/log/maillog, /var/log/authlog, and /var/log/cron, which it shouldn't have.

>Fix: