NetBSD-Bugs archive
Re: bin/58558: syslog.conf(5) man page example does not work.
The following reply was made to PR bin/58558; it has been noted by GNATS.
From: xover2391%hush.com@localhost
To: "RVP" <rvp%sdf.org@localhost>, gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: bin/58558: syslog.conf(5) man page example does not work.
Date: Wed, 04 Sep 2024 07:37:02 +0000
On 9/4/2024 at 7:22 AM, "RVP" <rvp%SDF.ORG@localhost> wrote:
>
>On Wed, 4 Sep 2024, xover2391%hush.com@localhost via gnats wrote:
>
>> I still want to extend things so that each remote host/device has its syslog messages put into a separate file, so I tried replacing the "-@" line with "+192.168.1.200". After doing that (and rebooting the NetBSD server) the syslog messages from 192.168.1.200 are not saved anywhere. Clearly, those messages are not local, but they are also not identified as "being from" 192.168.1.200. So I changed the line back to "-@" and ran the tcpdump command you mentioned above.
>>
>> netbsd1# tcpdump -Alnt -i re0 host 192.168.1.200 and udp dst port syslog
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
>> IP 192.168.1.200.514 > 192.168.1.100.514: SYSLOG user.info, length: 154
>> E.....@.@.................k.<14> Sep 4 14:57:10 192.168.1.200-1 USER_MGR[44365908]: user_mgr_util.c(1638) 9758 %% HTTP Session 46 ended for user admin connected from 192.168.1.210
>> .
>> ^C
>
>The "hostname" is `192.168.1.200-1', so:
>
>> # HP network switch
>> +192.168.1.200
>> *.* /var/log/host-192.168.1.200
>>
>
>```
># HP network switch
>+192.168.1.200-1 /var/log/host-192.168.1.200
>```
>
>Because IP addresses can change, the RFCs prefer to use either a hostname or some other unique token to key on.
>
>Not sure what syslogd does when the hostname is `-' (unspecified). I'll have to look at the code. Maybe this weekend...
>
>-RVP

Many thanks for the suggestion, but it didn't work when I changed it to:

+192.168.1.200-1
*.* /var/log/host-192.168.1.200

The syslog messages from the HP network switch are still being saved to /var/log/foreign, but there's nothing in /var/log/host-192.168.1.200.
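
As an added illustration (not part of the thread, and not NetBSD syslogd's own parsing code), this Python example splits the payload from the tcpdump capture above into BSD-syslog header fields (RFC 3164 layout) and shows that the packet carries two different identifiers: the UDP source address and the HOSTNAME field. The function names are hypothetical, and which identifier syslogd compares a `+host` line against is not modelled here.

```python
import re

# Facility and severity names in numeric order (RFC 3164, section 4.1.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              ] + [f"local{n}" for n in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI> TIMESTAMP HOSTNAME TAG[PID]: MSG. Whitespace after <PRI> and before the
# day of month is tolerated, because the archived capture may not preserve it.
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>\s*"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<msg>.*)", re.S)

# Payload copied from the tcpdump capture quoted in the message.
SAMPLE = ("<14> Sep 4 14:57:10 192.168.1.200-1 USER_MGR[44365908]: "
          "user_mgr_util.c(1638) 9758 %% HTTP Session 46 ended for user admin "
          "connected from 192.168.1.210")

def parse_bsd_syslog(payload):
    """Return the header fields as a dict, or None if the header does not parse."""
    m = HEADER.match(payload)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    fields = m.groupdict()
    fields["facility"] = FACILITIES[pri >> 3]
    fields["severity"] = SEVERITIES[pri & 7]
    return fields

def host_identifiers(payload, udp_source):
    """Pair the packet's source address with the HOSTNAME field it carries."""
    fields = parse_bsd_syslog(payload)
    claimed = fields["host"] if fields else None
    return {"udp_source": udp_source, "header_host": claimed,
            "identical": claimed == udp_source}

if __name__ == "__main__":
    print(parse_bsd_syslog(SAMPLE))
    print(host_identifiers(SAMPLE, "192.168.1.200"))
```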