From nobody Tue Sep 17 12:38:27 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X7LtP2YDxz59J5R for ; Tue, 17 Sep 2024 12:38:37 +0000 (UTC) (envelope-from mail@osfux.nl) Received: from vm1982.osfux.nl (vm1982.osfux.nl [IPv6:2a03:5500:1724:55:79:99:187:212]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4X7LtP0Htzz4SFk for ; Tue, 17 Sep 2024 12:38:36 +0000 (UTC) (envelope-from mail@osfux.nl) Authentication-Results: mx1.freebsd.org; none Received: from vm1982.osfux.nl (localhost [127.0.0.1]) by vm1982.osfux.nl (Postfix) with ESMTP id 03FD87F; Tue, 17 Sep 2024 14:38:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=osfux.nl; s=default; t=1726576708; bh=9GyX3YaAiOju9nX+q/SXua/t3769sCVHrcVdVQSEMho=; h=Date:Subject:To:References:From:In-Reply-To; b=gtx4Dea4QLSE0NcmxBNGr6KYTXHbj/SjRZX2ER2eFQu5hX4xPnVof1GzRRlv4fSlh 4fVLci95AjUV4jT+OMf5SqvuNCcUx0NBkoygUaq1MX2fbZ3DMb/hPyfDkr/FD151ld S1y8NKs6NiHJenokEyqoomyZxsIVKWivI7nIeEmc5e/ycPjSvbTM8C30QkeltktXqa 1w/e1f5Af/7G9ikeFTCAUN+C5vGDYaoO5TRB9k8frrFsvc/qK+I/42zrsE4bCOXZQZ +zbpzEqyxOxiaPyDY20cdjFyg8YjJP46o3xG0IYoeOg7Ky+5ZnlxCnikhOtGA+hbcN C/QVyEMfyVdjfRl8JJpWYINZx1RkzugwntsEO+CpWfi/aipkE+gkEO7I9ilYf8VBaR BoQumtNMqpXEqGodV8hzdosPVaVagzzOPkSPKol8n0ZlDTnay0k2f0B7NOkMGNBiA2 F5/449K3/sT+dQcCp1ZRx3d2rLa+1p/zdam8y97Slr8eIW2W88BtDZosvEqLpQN0Nb +3ZzCmxMYnQA/pk8zx/hWmBGmOE0QKkVyYzoYppj43xr5r3Tv3tIssZmATZnMlXBvX k19FEHyvgwZQZsiP1yvb7rNTZ1nPU7gZH1eCVuypj3AgOPqGhfUl7/a3tVB3muqgmA OyeRPFB1pl1vEqDgVLyZtt+4= X-Spam-Status: No, score=0.0 required=5.0 tests=none shortcircuit=no X-Spam-Checker-Version: SpamAssassin 4.0.0 Received: from [0.0.0.0] (unknown [193.187.128.167]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by vm1982.osfux.nl (Postfix) with ESMTPSA; Tue, 17 Sep 2024 14:38:27 +0200 (CEST) Message-ID: <4250c967-61c7-419a-b542-455a8f655dd1@osfux.nl> Date: Tue, 17 Sep 2024 14:38:27 +0200 List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: issues with syslogd include redirecting wg0 output to custom location To: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-stable@freebsd.org References: Content-Language: en-US From: fuxjez In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:8315, ipnet:2a03:5500::/31, country:NL] X-Rspamd-Queue-Id: 4X7LtP0Htzz4SFk Hi Miroslav, Thank you for your suggestion. I got the property based filtering from the manpage. The entries in /var/log/messages look like these: wg0: Sending handshake response to peer 1 wg0: Receiving keepalive packet from peer 1 wg0: Sending keepalive packet to peer 1 wg0: Sending keepalive packet to peer 1 wg0: Sending keepalive packet to peer 1 wg0: Receiving handshake initiation from peer 0 wg0: Sending handshake response to peer 0 wg0: Sending keepalive packet to peer 0 wg0: Sending keepalive packet to peer 1 wg0: Receiving handshake initiation from peer 1 wg0: Sending handshake response to peer 1 wg0: Sending keepalive packet to peer 1 replacing: *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages in - /etc/syslog.conf - with: !-wg0 *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages !wg0 *.* /var/ramdisk_log/wireguard.log does redirect the logstream perfectly. Thank you for your suggestion :) Regards, ruben On 9/17/24 14:09, Miroslav Lachman wrote: > On 17/09/2024 13:06, fuxjez wrote: > > [..] > >> and have since attempted to redirect the "wg0" logs to /var/ >> ramdisk_log/wireguard.log by using these syslog includes: >> >> :msg, contains, ".*wg0: .*" >> *.*                                /var/ramdisk_log/wireguard.log >> >> and >> >> :msg, regex, "wg[0-9]{1,2}\:\ " >> *.*                                /var/ramdisk_log/wireguard.log >> >> Unfortunately, the includes are not redirecting the wg0 logs to my >> preferred location (the includes are placed in /etc/syslog.d/ >> wireguard.conf which is parsed by syslogd) and I'm out of ideas / logs >> on how to further troubleshoot why the logstream doesn't get >> redirected :( > > I never used property based filters in syslog.conf. > Is it possible for you to use just classic style? > For example I use following to have separate log file for messages from > pkg (install / upgrade / delete): > > !-pkg,pkg-static > *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/ > messages > > !pkg,pkg-static > *.*                                  /var/log/pkg.log > > But I don't know how your wg0 debug entries are identified in the > messages log. > > Kind regards > Miroslav Lachman > >