Re: Syslog.conf and remote logging from other devices to a NetBSD server

[xover2391%hush.com@localhost]

On 8/7/2024 at 5:38 AM, xover2391%hush.com@localhost wrote:
>
>On 8/7/2024 at 4:43 AM, xover2391%hush.com@localhost wrote:
>>
>>On 7/31/2024 at 7:49 AM, "RVP" <rvp%SDF.ORG@localhost> wrote:
>>>
>>>On Tue, 30 Jul 2024, xover2391%hush.com@localhost wrote:
>>>
>>>> The addition of that line does not appear to have changed what 
>>>was happening before that line was added. The syslog messages 
>>from 
>>>192.168.1.200 are still being received and are still being 
>>>appended to /var/log/messages instead of /var/log/host1.
>>>>
>>>
>>>OK, can you add the hostname to the IP address. For example if 
>>>192.168.1.200
>>>shows up as `host1' in /var/log/messages, do:
>>>
>>>!*
>>>+192.168.1.200,host1
>>>*.*		/var/log/host1
>>>
>>>That seems to do the trick most of the time (except for early 
>>boot 
>>>messages
>>>from the remote machine sent using logger(1), which are still 
>>>logged to _both_
>>>locations for some reason).
>>>
>>>I think this should also work (provided the "from" isn't a 
>>literal 
>>>IP
>>>address!):
>>>
>>>!*
>>>+host1
>>>*.*		/var/log/host1
>>>
>>>But, I think the prev. version is better as it covers both 
>>>possibilities.
>>>
>>>-RVP
>>
>>
>>
>>
>>Here is what an entry from the remote device (which is an HP 
>>switch) appears as in /var/log/messages:
>>
>><user.info>Aug  7 10:40:08 Aug -:  7 10:40:08 192.168.1.200-1 
>>USER_MGR[44365908]: user_mgr_util.c(1588) 5098 %% HTTP Session 30 
>>started for user admin connected from 192.168.1.210
>>
>>There doesn't appear to be a hostname in that message, and I 
>could 
>>be wrong, but there's no place to set a hostname within the HP 
>>switch's configuration. In the "System Information" section of 
>the 
>>"Dashboard" page on the HP switch, there is a "System Name (0 to 
>>64 characters)" field which was empty, but setting it to "host1" 
>>altered nothing in the syslog messages being sent to the NetBSD 
>>server.
>>
>>In any case, I decided to append a line in /etc/hosts as follows:
>>
>>192.168.1.200                host1
>>
>>and then altered the /etc/syslog.conf file so it appears as you 
>>suggested above, as follows:
>>
>>!*
>>+192.168.1.200,host1
>>*.*                                     /var/log/host1
>>
>>I rebooted the NetBSD server, but there is no change.  I then 
>>tried removing the IP address and the comma from the line in 
>>/etc/syslog.conf, leaving just "+host1", and then rebooting, but 
>>the same thing occurs with that as well. All messages coming from 
>>192.168.1.200 are going into /var/log/messages instead of 
>>/var/log/host1.
>>
>>As I indicated in an earlier post in this thread, I tried using 
>an 
>>example directly from the EXAMPLES section of the syslog.conf man 
>>page, and it did not work. I believe there is something going 
>>wrong with the syslog system and I'm going to submit a problem 
>>report.
>>
>>Thanks for the suggestions so far. Further suggestions are still 
>>welcome.
>
>
>
>
>A bug report has been created and been given the designation 
>'bin/58558'.

Additional comments have been provided in bug report 58558.