NetBSD-Users archive


Re: Problems with syslog.conf



jmitchel <jmitchel%mail.bigjar.com@localhost> wrote:

> I'm trying to set up syslog to accept logging from 20+ routing devices. 
> I'm including a redacted version of my syslog.conf file below. The 
> problem is that any logging coming from one of the IP addresses (A.B.C.D 
> for example) gets logged to every log file.
>
> I'm new to setting up syslog this way, so it's quite possible I'm 
> missing something obvious. Hopefully someone can help.
> ..
> .. redacted syslog.conf file:
>
> +127.0.0.1
> ..
>
> +A.B.C.D
> *.*                                             /var/log/logfile1
>
> ... continues for 20+ entries

Hi,
I've run into NetBSD syslog.conf weirdness in the past so I was curious
enough about your issue to do some testing on my own.  The following seems
to work for generic external hosts writing to NetBSD syslogd launched from
/etc/rc.conf like so:

  host0> egrep syslogd /etc/rc.conf
  # allow syslogd to listen on LAN IPv4 IP, UDP port 514:
  syslogd=YES
  syslogd_flags="-b 192.168.1.10"

I tested from the various hosts (Linux) using netcat - nc(1) - like so:

  host1> echo "This is $(hostname) test #" | nc -uv -w 10 192.168.1.10 514
  Connection to 192.168.1.10 514 port [udp/syslog] succeeded!


Here's the pertinent /etc/syslog.conf bits; I tried it without the '!*'
too (per your example) and it still seems to work okay:

  ## keeping host[123] entries out of /var/log/messages:
  -host1,host2,host3

  *.err;kern.*;auth.notice;authpriv.none;mail.crit        /dev/console

  ## ** snipped stock /etc/syslog.conf stuff **

  ## Save host1 log messages to /var/log/host1.log:
  !*
  +host1
  *.*                                                /var/log/host1.log

  ## Save host2 log messages to /var/log/host2.log:
  !*
  +host2
  *.*                                                /var/log/host2.log

  ## Save host3 log messages to /var/log/host3.log:
  !*
  +host3
  *.*                                                /var/log/host3.log


The LAN hosts are all listed in /etc/hosts; NetBSD's syslogd seems only
able to read primary aliases:

  host0> egrep "host[123]" /etc/hosts
  192.168.1.11    host1       host-one
  192.168.1.12    host2       host-two
  192.168.1.13    host3       host-three


The various LAN host log entries:

  host0> tail -n3 /var/log/host[123].log
  ==> /var/log/host1.log <==
  Mar 20 14:50:46 host1 -: This is host-one test 1
  Mar 20 14:51:44 host1 -: This is host-one test 2
  Mar 20 15:04:02 host1 -: This is host-one test 3

  ==> /var/log/host2.log <==
  Mar 20 15:05:07 host2 -: This is host-two test 1
  Mar 20 15:05:14 host2 -: This is host-two test 2
  Mar 20 15:06:02 host2 -: This is host-two test 3

  ==> /var/log/host3.log <==
  Mar 20 15:12:06 host3 -: This is host-three test 1
  Mar 20 15:12:24 host3 -: This is host-three test 2
  Mar 20 15:13:32 host3 -: This is host-three test 3


The NetBSD system hosting syslogd is a fairly stock -current snapshot:

  host0> uname -v | fmt 30
  NetBSD 7.99.25 (GENERIC.201601140500Z)
  #0: Thu Jan 14 06:35:55 UTC 2016
  builds%b45.netbsd.org@localhost:/home/builds/ab/HEAD/i386/201601140500Z-obj/..

One thing I noticed is that the Linux logger(1) tool apparently does not send
its messages properly formatted for NetBSD's syslogd and its messages
get logged in /var/log/messages as they appear to originate locally; not
sure if that's a bug or a feature..

Hope this helps,
Jeff
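
An added example (not part of the original message and not NetBSD project code): a small sh script that generates the exclusion line and the per-host blocks in the layout shown in the reply above for a longer device list. Since the reply reports that syslogd matched only the primary /etc/hosts name, each name is first resolved to its primary name; HOSTS_FILE, LOG_DIR, the function names and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: emit syslog.conf lines in the layout used in the reply above.
# HOSTS_FILE and LOG_DIR are assumed defaults; override them in the environment.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
LOG_DIR="${LOG_DIR:-/var/log}"

# primary_name NAME: print the first name on the hosts-file line that lists
# NAME (as primary name or alias); exit status 1 if NAME is not listed.
primary_name() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                       # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if ($i == want) { print $2; found = 1; exit }
        }
        END { exit !found }
    ' "$HOSTS_FILE"
}

# gen_blocks NAME...: print the "-host,..." exclusion line, then one
# "!*" / "+host" / "*.*" block per distinct primary name.
gen_blocks() {
    names=""
    for h in "$@"; do
        p=$(primary_name "$h") || {
            echo "skipped $h: not in $HOSTS_FILE" >&2; continue; }
        [ "$p" = "$h" ] || echo "note: $h is an alias, using $p" >&2
        case ",$names," in *",$p,"*) continue ;; esac   # already listed
        names="${names:+$names,}$p"
    done
    [ -n "$names" ] || return 1
    echo "## keeping these hosts out of the stock log files:"
    printf '%s\n' "-$names"
    echo "## ** stock /etc/syslog.conf entries go here **"
    old_ifs=$IFS; IFS=,
    for p in $names; do
        printf '\n## Save %s log messages to %s/%s.log:\n' "$p" "$LOG_DIR" "$p"
        printf '!*\n+%s\n*.*\t\t\t\t\t\t%s/%s.log\n' "$p" "$LOG_DIR" "$p"
    done
    IFS=$old_ifs
}

# Usage: sh gen-syslog-blocks.sh host1 host2 ... > blocks.conf
[ "$#" -eq 0 ] || gen_blocks "$@"
```

The exclusion line belongs above the stock entries and the per-host blocks after them, as in the configuration quoted in the reply.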

