Re: Syslog.conf and remote logging from other devices to a NetBSD server

To: "RVP" <rvp%sdf.org@localhost>
Subject: Re: Syslog.conf and remote logging from other devices to a NetBSD server
From: xover2391%hush.com@localhost
Date: Wed, 07 Aug 2024 04:43:18 +0000

On 7/31/2024 at 7:49 AM, "RVP" <rvp%SDF.ORG@localhost> wrote:
>
>On Tue, 30 Jul 2024, xover2391%hush.com@localhost wrote:
>
>> The addition of that line does not appear to have changed what 
>was happening before that line was added. The syslog messages from 
>192.168.1.200 are still being received and are still being 
>appended to /var/log/messages instead of /var/log/host1.
>>
>
>OK, can you add the hostname to the IP address. For example if 
>192.168.1.200
>shows up as `host1' in /var/log/messages, do:
>
>!*
>+192.168.1.200,host1
>*.*		/var/log/host1
>
>That seems to do the trick most of the time (except for early boot 
>messages
>from the remote machine sent using logger(1), which are still 
>logged to _both_
>locations for some reason).
>
>I think this should also work (provided the "from" isn't a literal 
>IP
>address!):
>
>!*
>+host1
>*.*		/var/log/host1
>
>But, I think the prev. version is better as it covers both 
>possibilities.
>
>-RVP

Here is what an entry from the remote device (which is an HP switch) appears as in /var/log/messages:

<user.info>Aug  7 10:40:08 Aug -:  7 10:40:08 192.168.1.200-1 USER_MGR[44365908]: user_mgr_util.c(1588) 5098 %% HTTP Session 30 started for user admin connected from 192.168.1.210

There doesn't appear to be a hostname in that message, and I could be wrong, but there's no place to set a hostname within the HP switch's configuration. In the "System Information" section of the "Dashboard" page on the HP switch, there is a "System Name (0 to 64 characters)" field which was empty, but setting it to "host1" altered nothing in the syslog messages being sent to the NetBSD server.

In any case, I decided to append a line in /etc/hosts as follows:

192.168.1.200                host1

and then altered the /etc/syslog.conf file so it appears as you suggested above, as follows:

!*
+192.168.1.200,host1
*.*                                     /var/log/host1

I rebooted the NetBSD server, but there is no change.  I then tried removing the IP address and the comma from the line in /etc/syslog.conf, leaving just "+host1", and then rebooting, but the same thing occurs with that as well. All messages coming from 192.168.1.200 are going into /var/log/messages instead of /var/log/host1.

As I indicated in an earlier post in this thread, I tried using an example directly from the EXAMPLES section of the syslog.conf man page, and it did not work. I believe there is something going wrong with the syslog system and I'm going to submit a problem report.

Thanks for the suggestions so far. Further suggestions are still welcome.

Follow-Ups:
- Re: Syslog.conf and remote logging from other devices to a NetBSD server
  - From: xover2391

References:
- Syslog.conf and remote logging from other devices to a NetBSD server
  - From: xover2391
- Re: Syslog.conf and remote logging from other devices to a NetBSD server
  - From: RVP
- Re: Syslog.conf and remote logging from other devices to a NetBSD server
  - From: xover2391
- Re: Syslog.conf and remote logging from other devices to a NetBSD server
  - From: RVP

Prev by Date: Problems with stunnel segfaulting on every connection
Next by Date: Re: Syslog.conf and remote logging from other devices to a NetBSD server
Previous by Thread: Re: Syslog.conf and remote logging from other devices to a NetBSD server
Next by Thread: Re: Syslog.conf and remote logging from other devices to a NetBSD server
Indexes:

Home | Main Index | Thread Index | Old Index