On 8/7/2024 at 4:43 AM, xover2...@hush.com wrote: > >On 7/31/2024 at 7:49 AM, "RVP" <r...@sdf.org> wrote: >> >>On Tue, 30 Jul 2024, xover2...@hush.com wrote: >> >>> The addition of that line does not appear to have changed what >>was happening before that line was added. The syslog messages >from >>192.168.1.200 are still being received and are still being >>appended to /var/log/messages instead of /var/log/host1. >>> >> >>OK, can you add the hostname to the IP address. For example if >>192.168.1.200 >>shows up as `host1' in /var/log/messages, do: >> >>!* >>+192.168.1.200,host1 >>*.* /var/log/host1 >> >>That seems to do the trick most of the time (except for early >boot >>messages >>from the remote machine sent using logger(1), which are still >>logged to _both_ >>locations for some reason). >> >>I think this should also work (provided the "from" isn't a >literal >>IP >>address!): >> >>!* >>+host1 >>*.* /var/log/host1 >> >>But, I think the prev. version is better as it covers both >>possibilities. >> >>-RVP > > > > >Here is what an entry from the remote device (which is an HP >switch) appears as in /var/log/messages: > ><user.info>Aug 7 10:40:08 Aug -: 7 10:40:08 192.168.1.200-1 >USER_MGR[44365908]: user_mgr_util.c(1588) 5098 %% HTTP Session 30 >started for user admin connected from 192.168.1.210 > >There doesn't appear to be a hostname in that message, and I could >be wrong, but there's no place to set a hostname within the HP >switch's configuration. In the "System Information" section of the >"Dashboard" page on the HP switch, there is a "System Name (0 to >64 characters)" field which was empty, but setting it to "host1" >altered nothing in the syslog messages being sent to the NetBSD >server. > >In any case, I decided to append a line in /etc/hosts as follows: > >192.168.1.200 host1 > >and then altered the /etc/syslog.conf file so it appears as you >suggested above, as follows: > >!* >+192.168.1.200,host1 >*.* /var/log/host1 > >I rebooted the NetBSD server, but there is no change. I then >tried removing the IP address and the comma from the line in >/etc/syslog.conf, leaving just "+host1", and then rebooting, but >the same thing occurs with that as well. All messages coming from >192.168.1.200 are going into /var/log/messages instead of >/var/log/host1. > >As I indicated in an earlier post in this thread, I tried using an >example directly from the EXAMPLES section of the syslog.conf man >page, and it did not work. I believe there is something going >wrong with the syslog system and I'm going to submit a problem >report. > >Thanks for the suggestions so far. Further suggestions are still >welcome.
A bug report has been created and been given the designation 'bin/58558'.
