Date: Tue, 17 Sep 2024 14:38:27 +0200 From: fuxjez <mail@osfux.nl> To: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-stable@freebsd.org Subject: Re: issues with syslogd include redirecting wg0 output to custom location Message-ID: <4250c967-61c7-419a-b542-455a8f655dd1@osfux.nl> In-Reply-To: <ea1b110e-2605-4b81-8eb8-df4e79821c17@quip.cz> References: <f1eb51eb-6934-4717-bca5-31f24a6988d1@osfux.nl> <ea1b110e-2605-4b81-8eb8-df4e79821c17@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Miroslav,
Thank you for your suggestion. I got the property based filtering from
the manpage. The entries in /var/log/messages look like these:
wg0: Sending handshake response to peer 1
wg0: Receiving keepalive packet from peer 1
wg0: Sending keepalive packet to peer 1
wg0: Sending keepalive packet to peer 1
wg0: Sending keepalive packet to peer 1
wg0: Receiving handshake initiation from peer 0
wg0: Sending handshake response to peer 0
wg0: Sending keepalive packet to peer 0
wg0: Sending keepalive packet to peer 1
wg0: Receiving handshake initiation from peer 1
wg0: Sending handshake response to peer 1
wg0: Sending keepalive packet to peer 1
replacing:
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/messages
in - /etc/syslog.conf - with:
!-wg0
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/messages
!wg0
*.*
/var/ramdisk_log/wireguard.log
does redirect the logstream perfectly.
Thank you for your suggestion :)
Regards,
ruben
On 9/17/24 14:09, Miroslav Lachman wrote:
> On 17/09/2024 13:06, fuxjez wrote:
>
> [..]
>
>> and have since attempted to redirect the "wg0" logs to /var/
>> ramdisk_log/wireguard.log by using these syslog includes:
>>
>> :msg, contains, ".*wg0: .*"
>> *.* /var/ramdisk_log/wireguard.log
>>
>> and
>>
>> :msg, regex, "wg[0-9]{1,2}\:\ "
>> *.* /var/ramdisk_log/wireguard.log
>>
>> Unfortunately, the includes are not redirecting the wg0 logs to my
>> preferred location (the includes are placed in /etc/syslog.d/
>> wireguard.conf which is parsed by syslogd) and I'm out of ideas / logs
>> on how to further troubleshoot why the logstream doesn't get
>> redirected :(
>
> I never used property based filters in syslog.conf.
> Is it possible for you to use just classic style?
> For example I use following to have separate log file for messages from
> pkg (install / upgrade / delete):
>
> !-pkg,pkg-static
> *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/
> messages
>
> !pkg,pkg-static
> *.* /var/log/pkg.log
>
> But I don't know how your wg0 debug entries are identified in the
> messages log.
>
> Kind regards
> Miroslav Lachman
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4250c967-61c7-419a-b542-455a8f655dd1>