NetBSD-Bugs archive


Re: bin/58558: syslog.conf(5) man page example does not work.



The following reply was made to PR bin/58558; it has been noted by GNATS.

From: xover2391%hush.com@localhost
To: "RVP" <rvp%sdf.org@localhost>, gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/58558: syslog.conf(5) man page example does not work.
Date: Mon, 09 Sep 2024 01:50:18 +0000

 On 9/4/2024 at 7:45 AM, "RVP" <rvp%SDF.ORG@localhost> wrote:
 >
 >On Wed, 4 Sep 2024,  xover2391%hush.com@localhost via gnats wrote:
 >
 >> Many thanks for the suggestion, but it didn't work when I changed it to
 >>
 >>
 >> +192.168.1.200-1
 >> *.*                                             /var/log/host-192.168.1.200
 >>
 >
 >Ah, I was afraid of that happening. With that weird hostname, it would have to
 >be just `+192' I guess (the domain names are discarded). Can you configure a
 >proper hostname on this switch?
 >
 >-RVP
 
 
 I don't believe so. The only place I can do anything like that is on the "home page" of the network switch (that page is called the "Dashboard") in the System Name field. However, I've tried entering something into that field previously, and the syslog message it sends to the NetBSD server still contains 192.168.1.200-1 in the message and no mention of what I entered into that field. This is in contrast to just one of the routers I have here (a Draytek Vigor model) where I can set the "Router Name" that then appears in the syslog messages it sends to the NetBSD server.
 
 Here is an example of that (the following messages are being saved to /var/log/host-192.168.1.207 because of the "+192.168.1.207" block specifier in /etc/syslog.conf):
 
 (With the Draytek "Router Name" set to blank, which is the factory default setting)
 <local2.info>Sep  9 10:50:29 192.168.1.207 Vigor: [WEB]System Reboot
 
 (And this is with the Draytek "Router Name" set to "draytek2024")
 <local2.info>Sep  9 10:53:11 192.168.1.207 draytek2024: [WEB]System Reboot
 
 
 Considering the NetBSD server was saving both of those messages to the same file and was effectively ignoring the Draytek hostname, I wondered if the fourth field (192.168.1.207) was what it was basing its decisions on. Once again, here is an example of a syslog message from the network switch:
 
 <user.info>Sep  9 11:23:37 Sep -:  9 11:23:37 192.168.1.200-1 USER_MGR[26109764]: user_mgr_util.c(1588) 1178 %% HTTP Session 8 started for user admin connected from 192.168.1.220
 
 So I changed the block specifier in /etc/syslog.conf from:
 
 +192.168.1.200
 
 to what is in the fourth field of this switch's syslog message:
 
 +Sep
 
 and now the syslog messages from the network switch are being saved in the /var/log/host-192.168.1.200 file.
 
 Obviously, this is not a good result for so many reasons, but it is a result nonetheless. I believe it also supports what you said early on that the syslog messages from this network switch seem to be malformed. I assume what you mean by that is that they do not conform to some RFC or IETF standard.
 
 I am going to look more closely at the fourth field from each of the seven routers I set up for this, the other network switch, and the Synology unit. I expect to find the IP address in the fourth field for each of the seven routers, but something else from the other network switch and the Synology unit, to explain why the syslog messages from the seven routers are being saved to their respective separate files, but the syslog messages from the other network switch and the Synology unit are not.
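
An added example, not part of the original message and not NetBSD syslogd code: a Python check run over the three saved log lines quoted above. It extracts the field that follows the timestamp (the one the poster found the `+host` block specifier matching) and flags lines where that field is not a plausible host. The regular expressions and the `inspect` function name are assumptions based only on the line layout shown in this message.

```python
import re

# Layout of the saved lines quoted in the message (an assumption drawn from
# those samples): <facility.level>Mmm dd hh:mm:ss FIELD rest-of-message
LINE = re.compile(
    r"^<(?P<pri>[a-z0-9]+\.[a-z]+)>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<rest>.*)$"
)
MONTHS = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}
HOSTLIKE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")
# A day-of-month and time left over in the body, followed by the real sender.
LEFTOVER_TS = re.compile(r"\b\d{1,2} \d\d:\d\d:\d\d (\S+)")

# The three lines quoted in the message above.
SAMPLES = [
    "<local2.info>Sep  9 10:50:29 192.168.1.207 Vigor: [WEB]System Reboot",
    "<local2.info>Sep  9 10:53:11 192.168.1.207 draytek2024: [WEB]System Reboot",
    "<user.info>Sep  9 11:23:37 Sep -:  9 11:23:37 192.168.1.200-1 "
    "USER_MGR[26109764]: user_mgr_util.c(1588) 1178 %% HTTP Session 8 "
    "started for user admin connected from 192.168.1.220",
]

def inspect(line):
    """Return (host_field, problems, sender_found_in_body_or_None)."""
    m = LINE.match(line)
    if m is None:
        return None, ["header does not match the expected layout"], None
    host, problems, sender = m["host"], [], None
    if host in MONTHS:
        problems.append("host field is a month name")
        leftover = LEFTOVER_TS.search(m["rest"])
        if leftover:
            problems.append("second timestamp in message body")
            sender = leftover.group(1)
    elif not HOSTLIKE.match(host):
        problems.append("host field is not a hostname or address")
    return host, problems, sender

if __name__ == "__main__":
    for line in SAMPLES:
        host, problems, sender = inspect(line)
        status = "; ".join(problems) or "ok"
        print(f"host field {host!r}: {status}"
              + (f" (sender {sender})" if sender else ""))
```

Run against a collected log file, a check like this shows which devices put something other than their address or name in the host field, which is the condition that stops a per-host block in /etc/syslog.conf from matching.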
 

