On 7/31/2024 at 7:49 AM, "RVP" <r...@sdf.org> wrote:
>
>On Tue, 30 Jul 2024, xover2...@hush.com wrote:
>
>> The addition of that line does not appear to have changed what
>> was happening before that line was added. The syslog messages from
>> 192.168.1.200 are still being received and are still being
>> appended to /var/log/messages instead of /var/log/host1.
>>
>
>OK, can you add the hostname to the IP address. For example if
>192.168.1.200 shows up as `host1' in /var/log/messages, do:
>
>!*
>+192.168.1.200,host1
>*.* /var/log/host1
>
>That seems to do the trick most of the time (except for early boot
>messages from the remote machine sent using logger(1), which are still
>logged to _both_ locations for some reason).
>
>I think this should also work (provided the "from" isn't a literal IP
>address!):
>
>!*
>+host1
>*.* /var/log/host1
>
>But, I think the prev. version is better as it covers both
>possibilities.
>
>-RVP

Here is what an entry from the remote device (which is an HP switch) appears as in /var/log/messages:

<user.info>Aug 7 10:40:08 Aug -: 7 10:40:08 192.168.1.200-1 USER_MGR[44365908]: user_mgr_util.c(1588) 5098 %% HTTP Session 30 started for user admin connected from 192.168.1.210

There doesn't appear to be a hostname in that message, and I could be wrong, but there's no place to set a hostname within the HP switch's configuration. In the "System Information" section of the "Dashboard" page on the HP switch, there is a "System Name (0 to 64 characters)" field which was empty, but setting it to "host1" altered nothing in the syslog messages being sent to the NetBSD server.

In any case, I decided to append a line in /etc/hosts as follows:

192.168.1.200 host1

and then altered the /etc/syslog.conf file so it appears as you suggested above, as follows:

!*
+192.168.1.200,host1
*.* /var/log/host1

I rebooted the NetBSD server, but there is no change. I then tried removing the IP address and the comma from the line in /etc/syslog.conf, leaving just "+host1", and then rebooting, but the same thing occurs with that as well. All messages coming from 192.168.1.200 are going into /var/log/messages instead of /var/log/host1.

As I indicated in an earlier post in this thread, I tried using an example directly from the EXAMPLES section of the syslog.conf man page, and it did not work. I believe there is something going wrong with the syslog system and I'm going to submit a problem report.

Thanks for the suggestions so far. Further suggestions are still welcome.