Date: Tue, 17 Sep 2024 13:06:28 +0200
List-Id: Production branch of FreeBSD source code
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
To: freebsd-stable@freebsd.org
From: fuxjez
Subject: issues with syslogd include redirecting wg0 output to custom location

Hi,

I'm experimenting with FreeBSD 14.1's wireguard implementation. So far I've been quite satisfied with using it locally (over an unsecured network).
I would like to set up a PoC using wg as a VPN provider (replacing openvpn) next. Before opening wireguard endpoints up for global connectivity I would like wireguard logs to be parsed by something like Fail2ban (so I can have pf ward off baddies).

I've managed to get wireguard's logs into /var/log/messages by issuing:

    /sbin/ifconfig wg0 debug

Since they are quite verbose and are polluting /var/log/messages, I'd like for them to land in /var/ramdisk_log/wireguard.log instead.

I've instructed newsyslog to create the logfile:

    [root@system:/]# cat /var/ramdisk_log/wireguard.log
    Sep 17 00:27:36 system newsyslog[55203]: logfile first created
    [root@system:/]# ls -laht /var/ramdisk_log/wireguard.log
    -rw-rw---- 1 root wheel 66B Sep 17 00:27 /var/ramdisk_log/wireguard.log
    [root@system:/]#

and have since attempted to redirect the "wg0" logs to /var/ramdisk_log/wireguard.log by using these syslog includes:

    :msg, contains, ".*wg0: .*"
    *.* /var/ramdisk_log/wireguard.log

and

    :msg, regex, "wg[0-9]{1,2}\:\ "
    *.* /var/ramdisk_log/wireguard.log

Unfortunately, the includes are not redirecting the wg0 logs to my preferred location (the includes are placed in /etc/syslog.d/wireguard.conf which is parsed by syslogd) and I'm out of ideas / logs on how to further troubleshoot why the logstream doesn't get redirected :(

I'm hoping somebody - a little better versed in syslog - could provide me with some insights / pointers...

Feedback appreciated!

ruben
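
Added example, not part of the original message: a shell check that runs the two filter values quoted above against constructed log lines under three matching modes. It assumes the property-filter semantics described in syslog.conf(5), namely that "contains" is a literal substring test, "regex" is a POSIX basic regular expression and "ereregex" a POSIX extended one; grep's -F, default and -E modes stand in for them, and the sample lines, variable names and function names are made up for the illustration.

```shell
#!/bin/sh
# Constructed sample lines; the wg0 line only imitates a kernel debug message.
SAMPLE='Sep 17 00:30:01 system kernel: wg0: Sending handshake initiation to peer 1
Sep 17 00:30:02 system sshd[811]: Accepted publickey for root from 192.0.2.10'

# Filter values quoted in the message above, copied unchanged.
POSTED_CONTAINS='.*wg0: .*'
POSTED_REGEX='wg[0-9]{1,2}\:\ '

# count_matches MODE PATTERN: print how many SAMPLE lines PATTERN selects.
# MODE stands in for a syslogd compare-operation (assumed mapping):
#   fixed = contains, bre = regex, ere = ereregex
count_matches() {
    case "$1" in
        fixed) printf '%s\n' "$SAMPLE" | grep -c -F -e "$2" 2>/dev/null ;;
        bre)   printf '%s\n' "$SAMPLE" | grep -c -e "$2" 2>/dev/null ;;
        ere)   printf '%s\n' "$SAMPLE" | grep -c -E -e "$2" 2>/dev/null ;;
        *)     echo "unknown mode: $1" >&2; return 2 ;;
    esac || true   # grep exits 1 on zero matches; the count is still printed
}

# report MODE PATTERN: one result row per combination.
report() {
    printf '%-6s %-22s %s line(s)\n' "$1" "$2" "$(count_matches "$1" "$2")"
}

# A literal test treats ".*" as characters that must appear in the message.
report fixed "$POSTED_CONTAINS"
report fixed 'wg0: '
# In a basic regex "{1,2}" is literal text; the interval form is "\{1,2\}".
report bre "$POSTED_REGEX"
report bre 'wg[0-9]\{1,2\}: '
# An extended regex reads "{1,2}" as an interval.
report ere "$POSTED_REGEX"
```
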