NetBSD-Users archive


Problems with syslog.conf



Hello,

I'm trying to set up syslog to accept logging from 20+ routing devices. I'm including a redacted version of my syslog.conf file below. The problem is that any logging coming from one of the IP addresses (A.B.C.D for example) gets logged to every log file.

I'm new to setting up syslog this way, so it's quite possible I'm missing something obvious. Hopefully someone can help.

Running in debugging mode produces this output:

2016-03-18T13:03:50.608407-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:logmsg:1813 logmsg: buffer@0xbb755240, pri 0276/190, flags 0x20, timestamp "Mar 18 13:03:50", from "64.245.164.2", sd "(null)", msg "35784: Mar 18 13:03:49.569: %SEC-6-IPACCESSLOGP: list 2002 denied udp A.G.40.184(64472) -> 172.21.84.97(161), 15 packets "
2016-03-18T13:03:50.608515-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:fprintlog:2136 fprintlog(0xbb74d000, 0xbb755240, 0x0)
2016-03-18T13:03:50.608641-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:format_buffer:1973 format_buffer(0xbb755240)
2016-03-18T13:03:50.608724-04:00:/usr/src/usr.sbin/syslogd/sign.c:sign_get_sg:0598 sign_get_sg(190, 0xbb74d000) --> 0x0
2016-03-18T13:03:50.608795-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:fprintlog:2401 Logging to FILE /var/log/messages
2016-03-18T13:03:50.608897-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:fprintlog:2136 fprintlog(0xbb751800, 0xbb755240, 0x0)
2016-03-18T13:03:50.608971-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:format_buffer:1973 format_buffer(0xbb755240)
2016-03-18T13:03:50.609043-04:00:/usr/src/usr.sbin/syslogd/sign.c:sign_get_sg:0598 sign_get_sg(190, 0xbb751800) --> 0x0
2016-03-18T13:03:50.609112-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:fprintlog:2401 Logging to FILE /var/log/logfile1
2016-03-18T13:03:50.609219-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:fprintlog:2136 fprintlog(0xbb752000, 0xbb755240, 0x0)
2016-03-18T13:03:50.609297-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:format_buffer:1973 format_buffer(0xbb755240)
2016-03-18T13:03:50.609369-04:00:/usr/src/usr.sbin/syslogd/sign.c:sign_get_sg:0598 sign_get_sg(190, 0xbb752000) --> 0x0
2016-03-18T13:03:50.609438-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:fprintlog:2401 Logging to FILE /var/log/logfile2
2016-03-18T13:03:50.671918-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:fprintlog:2136 fprintlog(0xbb752800, 0xbb755240, 0x0)


followed by a bunch of lines like this:

2016-03-18T13:04:55.805391-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:message_queue_purge:4344 purge_message_queue(0xbb750800, 0, 2) with f_qelements=0 and f_qsize=0
2016-03-18T13:04:55.805488-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:message_queue_purge:4344 purge_message_queue(0xbb751000, 0, 2) with f_qelements=0 and f_qsize=0
2016-03-18T13:04:55.805576-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:message_queue_purge:4344 purge_message_queue(0xbb751800, 0, 2) with f_qelements=0 and f_qsize=0
2016-03-18T13:04:55.805652-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:message_queue_purge:4344 purge_message_queue(0xbb752000, 0, 2) with f_qelements=0 and f_qsize=0
2016-03-18T13:04:55.805726-04:00:/usr/src/usr.sbin/syslogd/syslogd.c:message_queue_purge:4344 purge_message_queue(0xbb752800, 0, 2) with f_qelements=0 and f_qsize=0

Anyway, hope this information helps. The syslog.conf file is below.

Thanks in advance,

Jason M.

P.S. I'm not currently subscribed to netbsd-users, so please copy me on any messages. Thanks!



+127.0.0.1
*.err;kern.*;auth.notice;authpriv.none;mail.crit        /dev/console
*.info;auth,authpriv,cron,ftp,kern,lpr,mail.none        /var/log/messages
kern.debug                                              /var/log/messages

# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
auth,authpriv.info                                      /var/log/authlog

cron.info                                               /var/cron/log
ftp.info                                                /var/log/xferlog
lpr.info                                                /var/log/lpd-errs
mail.info                                               /var/log/maillog
#uucp.info /var/spool/uucp/ERRORS

*.emerg                                                 *
*.notice                                                root

+A.B.C.D
*.*                                             /var/log/logfile1

+E.F.G.H
*.*                                             /var/log/logfile2

+I.J.K.L
*.*                                             /var/log/logfile3

+M.N.O.P
*.*                                             /var/log/logfile4

... continues for 20+ entries
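
One way to summarize a debug trace like the one quoted above (an added example, not part of the original post): the Python below pairs each `logmsg` record with the `Logging to FILE` lines that follow its `fprintlog()` calls, so the files a single sender's message reached are listed together. The function names, the `shared` parameter and the abridged sample lines are assumptions made for this example; treating the second `fprintlog()` argument as the message buffer is inferred from the trace itself.

```python
import re

# Patterns for the syslogd debug lines quoted in the post.
LOGMSG = re.compile(r'logmsg: buffer@(0x[0-9a-f]+),.*?from "([^"]*)"')
FPRINT = re.compile(r'fprintlog\((0x[0-9a-f]+), (0x[0-9a-f]+),')
TOFILE = re.compile(r'Logging to FILE (\S+)')

def trace_fanout(lines):
    """Return [(sender, [files...]), ...], one entry per logmsg record."""
    messages = []    # one (sender, destinations) tuple per received message
    by_buffer = {}   # buffer address -> index of the latest message using it
    current = None   # message handled by the most recent fprintlog() call
    for line in lines:
        m = LOGMSG.search(line)
        if m:
            # Buffer addresses can be reused, so always start a new record.
            by_buffer[m.group(1)] = len(messages)
            messages.append((m.group(2), []))
            continue
        m = FPRINT.search(line)
        if m:
            # Assumption: second argument is the message buffer (matches buffer@).
            current = by_buffer.get(m.group(2))
            continue
        m = TOFILE.search(line)
        if m and current is not None:
            messages[current][1].append(m.group(1))
    return messages

def multi_file_senders(lines, shared=("/var/log/messages",)):
    """Senders with one message written to more than one non-shared file."""
    flagged = {}
    for sender, files in trace_fanout(lines):
        own = [f for f in files if f not in shared]
        if len(own) > 1:
            flagged[sender] = own
    return flagged

# Sample abridged from the trace in the post (timestamps and msg text shortened).
SAMPLE = '''syslogd.c:logmsg:1813 logmsg: buffer@0xbb755240, pri 0276/190, from "64.245.164.2", msg "..."
syslogd.c:fprintlog:2136 fprintlog(0xbb74d000, 0xbb755240, 0x0)
syslogd.c:fprintlog:2401 Logging to FILE /var/log/messages
syslogd.c:fprintlog:2136 fprintlog(0xbb751800, 0xbb755240, 0x0)
syslogd.c:fprintlog:2401 Logging to FILE /var/log/logfile1
syslogd.c:fprintlog:2136 fprintlog(0xbb752000, 0xbb755240, 0x0)
syslogd.c:fprintlog:2401 Logging to FILE /var/log/logfile2'''.splitlines()

if __name__ == "__main__":
    for sender, files in multi_file_senders(SAMPLE).items():
        print(sender, "->", ", ".join(files))
```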

