NetBSD-Bugs archive
Re: bin/58558: syslog.conf(5) man page example does not work.
The following reply was made to PR bin/58558; it has been noted by GNATS.
From: RVP <rvp%SDF.ORG@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: xover2391%hush.com@localhost
Subject: Re: bin/58558: syslog.conf(5) man page example does not work.
Date: Wed, 4 Sep 2024 07:22:07 +0000 (UTC)
On Wed, 4 Sep 2024, xover2391%hush.com@localhost via gnats wrote:
> I still want to extend things so that each remote host/device has its syslog messages put into a separate file, so I tried replacing the "-@" line with "+192.168.1.200". After doing that (and rebooting the NetBSD server) the syslog messages from 192.168.1.200 are not saved anywhere. Clearly, those messages are not local, but they are also not identified as "being from" 192.168.1.200. So I changed the line back to "-@" and ran the tcpdump command you mentioned above.
>
> netbsd1# tcpdump -Alnt -i re0 host 192.168.1.200 and udp dst port syslog
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
> IP 192.168.1.200.514 > 192.168.1.100.514: SYSLOG user.info, length: 154
> E.....@.@.................k.<14> Sep 4 14:57:10 192.168.1.200-1 USER_MGR[44365908]: user_mgr_util.c(1638) 9758 %% HTTP Session 46 ended for user admin connected from 192.168.1.210
> .
> ^C
The "hostname" is `192.168.1.200-1', so:
> # HP network switch
> +192.168.1.200
> *.* /var/log/host-192.168.1.200
>
```
# HP network switch
+192.168.1.200-1
*.* /var/log/host-192.168.1.200
```
Because IP addresses can change, the RFCs prefer to use either a hostname
or some other unique token to key on.
Not sure what syslogd does when the hostname is `-' (unspecified). I'll have
to look at the code. Maybe this weekend...
-RVP
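
An added example, not part of the original thread: a small parser that pulls the facility.severity and the hostname token out of a captured syslog payload, so the `+host` line can be keyed on what the device actually sends rather than on its source IP. It assumes the RFC 3164 layout (`<PRI>TIMESTAMP HOSTNAME TAG: MSG`) seen in the capture, and goes slightly beyond it by also recognising the RFC 5424 header, where the hostname may be `-`; the function names and the second sample are constructed for illustration.

```python
import re

# Constructed samples: the payload from the tcpdump capture quoted in the
# thread, and an RFC 5424 message whose hostname is the NILVALUE ("-").
BSD_SAMPLE = ("<14> Sep 4 14:57:10 192.168.1.200-1 USER_MGR[44365908]: "
              "user_mgr_util.c(1638) 9758 %% HTTP Session 46 ended for user "
              "admin connected from 192.168.1.210")
NIL_SAMPLE = "<14>1 2024-09-04T14:57:10Z - USER_MGR 44365908 - - session ended"

FACILITY = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
            "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
            "local6 local7").split()
SEVERITY = "emerg alert crit err warning notice info debug".split()

# <PRI>1 TIMESTAMP HOSTNAME ...   (RFC 5424)
RFC5424 = re.compile(r"^<(\d{1,3})>1 \S+ (\S+) ")
# <PRI>Mmm dd hh:mm:ss HOSTNAME ... (RFC 3164; tolerant of extra spaces)
RFC3164 = re.compile(
    r"^<(\d{1,3})>\s*[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+(\S+)\s")
SAFE_HOST = re.compile(r"^[A-Za-z0-9._:-]+$")


def parse_header(payload):
    """Return (selector, hostname); hostname is None when it is '-'."""
    for fmt in (RFC5424, RFC3164):
        m = fmt.match(payload)
        if m:
            pri, host = int(m.group(1)), m.group(2)
            if pri > 191:
                raise ValueError("PRI out of range: %d" % pri)
            # PRI = facility * 8 + severity
            selector = "%s.%s" % (FACILITY[pri >> 3], SEVERITY[pri & 7])
            return selector, (None if host == "-" else host)
    raise ValueError("no syslog header recognised")


def conf_block(payload, logfile):
    """Build the '+host' block for syslog.conf from one captured payload."""
    _, host = parse_header(payload)
    # The hostname field is chosen by the sender, so validate before use.
    if host is None or not SAFE_HOST.match(host):
        raise ValueError("no usable hostname in message")
    return "+%s\n*.*\t%s\n" % (host, logfile)


if __name__ == "__main__":
    print(parse_header(BSD_SAMPLE))
    print(conf_block(BSD_SAMPLE, "/var/log/host-192.168.1.200"), end="")
```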