issues with syslogd include redirecting wg0 output to custom location

Hi,

I'm experimenting with FreeBSD's 14.1's wireguard implementation.

So far i've been quite satisfied with using it locally (over an 
unsecured network). I would like to set up a PoC using wg as a VPN 
provider (replacing openvpn) next.

Before opening wireguard endpoints up for global connectivity I would 
like wireguard logs to be parsed by something like Fail2ban (so I can 
have pf ward off baddies). I've managed to get wireguards' logs into 
/var/log/messages by issueing:

/sbin/ifconfig wg0 debug

Since they are quite verbose and are polluting /var/log/messages, I'd 
like for them to land in /var/ramdisk_log/wireguard.log instead. I've 
instructing newsyslog to create the logfile :

[root@system:/]# cat /var/ramdisk_log/wireguard.log
Sep 17 00:27:36 system newsyslog[55203]: logfile first created
[root@system:/]# ls -laht  /var/ramdisk_log/wireguard.log
-rw-rw----  1 root wheel   66B Sep 17 00:27 /var/ramdisk_log/wireguard.log
[root@system:/]#

and have since attempted to redirect the "wg0" logs to 
/var/ramdisk_log/wireguard.log by using these syslog includes:

:msg, contains, ".*wg0: .*"
*.*                                /var/ramdisk_log/wireguard.log

and

:msg, regex, "wg[0-9]{1,2}\:\ "
*.*                                /var/ramdisk_log/wireguard.log

Unfortunately, the includes are not redirecting the wg0 logs to my 
preferred location (the includes are placed in 
/etc/syslog.d/wireguard.conf which is parsed by syslogd) and I'm out of 
ideas / logs on how to further troubleshoot why the logstream doesn't 
get redirected :(

Im hoping somebody - a little better versed in syslog - could provide me 
with some insights / pointers...

Feedback appreciated!

ruben