Re: Syslog.conf and remote logging from other devices to a NetBSD server

[xover2391%hush.com@localhost]

On 8/7/2024 at 4:43 AM, xover2391%hush.com@localhost wrote:
>
>On 7/31/2024 at 7:49 AM, "RVP" <rvp%SDF.ORG@localhost> wrote:
>>
>>On Tue, 30 Jul 2024, xover2391%hush.com@localhost wrote:
>>
>>> The addition of that line does not appear to have changed what 
>>was happening before that line was added. The syslog messages 
>from 
>>192.168.1.200 are still being received and are still being 
>>appended to /var/log/messages instead of /var/log/host1.
>>>
>>
>>OK, can you add the hostname to the IP address. For example if 
>>192.168.1.200
>>shows up as `host1' in /var/log/messages, do:
>>
>>!*
>>+192.168.1.200,host1
>>*.*		/var/log/host1
>>
>>That seems to do the trick most of the time (except for early 
>boot 
>>messages
>>from the remote machine sent using logger(1), which are still 
>>logged to _both_
>>locations for some reason).
>>
>>I think this should also work (provided the "from" isn't a 
>literal 
>>IP
>>address!):
>>
>>!*
>>+host1
>>*.*		/var/log/host1
>>
>>But, I think the prev. version is better as it covers both 
>>possibilities.
>>
>>-RVP
>
>
>
>
>Here is what an entry from the remote device (which is an HP 
>switch) appears as in /var/log/messages:
>
><user.info>Aug  7 10:40:08 Aug -:  7 10:40:08 192.168.1.200-1 
>USER_MGR[44365908]: user_mgr_util.c(1588) 5098 %% HTTP Session 30 
>started for user admin connected from 192.168.1.210
>
>There doesn't appear to be a hostname in that message, and I could 
>be wrong, but there's no place to set a hostname within the HP 
>switch's configuration. In the "System Information" section of the 
>"Dashboard" page on the HP switch, there is a "System Name (0 to 
>64 characters)" field which was empty, but setting it to "host1" 
>altered nothing in the syslog messages being sent to the NetBSD 
>server.
>
>In any case, I decided to append a line in /etc/hosts as follows:
>
>192.168.1.200                host1
>
>and then altered the /etc/syslog.conf file so it appears as you 
>suggested above, as follows:
>
>!*
>+192.168.1.200,host1
>*.*                                     /var/log/host1
>
>I rebooted the NetBSD server, but there is no change.  I then 
>tried removing the IP address and the comma from the line in 
>/etc/syslog.conf, leaving just "+host1", and then rebooting, but 
>the same thing occurs with that as well. All messages coming from 
>192.168.1.200 are going into /var/log/messages instead of 
>/var/log/host1.
>
>As I indicated in an earlier post in this thread, I tried using an 
>example directly from the EXAMPLES section of the syslog.conf man 
>page, and it did not work. I believe there is something going 
>wrong with the syslog system and I'm going to submit a problem 
>report.
>
>Thanks for the suggestions so far. Further suggestions are still 
>welcome.




A bug report has been created and been given the designation 'bin/58558'.