Re: issues with syslogd include redirecting wg0 output to custom location
Date: Tue, 17 Sep 2024 12:38:27 UTC
Hi Miroslav,
Thank you for your suggestion. I got the property-based filtering from
the manpage. The entries in /var/log/messages look like these:
wg0: Sending handshake response to peer 1
wg0: Receiving keepalive packet from peer 1
wg0: Sending keepalive packet to peer 1
wg0: Sending keepalive packet to peer 1
wg0: Sending keepalive packet to peer 1
wg0: Receiving handshake initiation from peer 0
wg0: Sending handshake response to peer 0
wg0: Sending keepalive packet to peer 0
wg0: Sending keepalive packet to peer 1
wg0: Receiving handshake initiation from peer 1
wg0: Sending handshake response to peer 1
wg0: Sending keepalive packet to peer 1
replacing:

*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages

in - /etc/syslog.conf - with:

!-wg0
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages

!wg0
*.* /var/ramdisk_log/wireguard.log

does redirect the logstream perfectly.
Thank you for your suggestion :)
Regards,
ruben
On 9/17/24 14:09, Miroslav Lachman wrote:
> On 17/09/2024 13:06, fuxjez wrote:
>
> [..]
>
>> and have since attempted to redirect the "wg0" logs to
>> /var/ramdisk_log/wireguard.log by using these syslog includes:
>>
>> :msg, contains, ".*wg0: .*"
>> *.* /var/ramdisk_log/wireguard.log
>>
>> and
>>
>> :msg, regex, "wg[0-9]{1,2}\:\ "
>> *.* /var/ramdisk_log/wireguard.log
>>
>> Unfortunately, the includes are not redirecting the wg0 logs to my
>> preferred location (the includes are placed in
>> /etc/syslog.d/wireguard.conf which is parsed by syslogd) and I'm out
>> of ideas / logs on how to further troubleshoot why the logstream
>> doesn't get redirected :(
>
> I never used property-based filters in syslog.conf.
> Is it possible for you to use just the classic style?
> For example, I use the following to have a separate log file for
> messages from pkg (install / upgrade / delete):
>
> !-pkg,pkg-static
> *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
>
> !pkg,pkg-static
> *.* /var/log/pkg.log
>
> But I don't know how your wg0 debug entries are identified in the
> messages log.
>
> Kind regards
> Miroslav Lachman
>
>