Addition RSYSLOG CONFIGURATION:
Aug 21 11:35:44 1672072 08/21/2007 11:35:05.830 SEV=4 CONFIG/17 RPT=18 Done writing configuration file, Success.

Older SYSLOG CONFIGURATION
Aug 21 11:34:13 <HOSTNAME> 1672023 08/21/2007 11:33:32.910 SEV=4 CONFIG/17 RPT=16 Done writing configuration file, Success.

Actually older syslog is writing hostname in front of message id and rsyslog is not logging the hostname (the logs are sent from a CISCO IOS).

Regards,
Ashutosh

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaul, Ashutosh
Sent: Tuesday, August 21, 2007 10:08 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog /var/log/messages

Hi Rainer/all,

Thanks for the help, actually there were two problems,

1) Not able to log hostname from HP-UX - Sorted by using the %HOSTNAME% directive
2) Not able to log hostname from CISCO IOS. It's able to send to old syslog server - Still Pending.

Pasting the logs for the same

Aug 21 09:56:08 50644414 08/21/2007 08:56:20.820 SEV=5 <xX> RPT=1426140 <IP ADDRESS> Group [groupname] User [ysofer] Sending IKE Delete With Reason message: No Reason Provided.
Aug 21 09:56:08 50644418 08/21/2007 08:56:20.830 SEV=4<AUTH0> RPT=1013753 <IPADRESS> User [username] Group [Groupname] disconnected: Session Type: IPSec/NAT-T Duration: 7:59:39 Bytes xmt: 27550464 Bytes rcv: 11482680 Reason: User Requested
Aug 21 09:56:08 50644418 08/21/2007 08:56:20.830 SEV=4 <AUTH/28> RPT=1013753 <IP ADDRESS> User [username] Group [Group Name] disconnected: Session Type: IPSec/NAT-T Duration: 7:59:39 Bytes xmt: 27550464 Bytes rcv: 11482680 Reason: User Requested

And really appreciate the support provided by all.

Regards,
Ashutosh

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rainer Gerhards
Sent: Friday, August 17, 2007 3:11 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog /var/log/messages

Can you post the output of %rawmsg% - I think it has to do with the message. However, FROMHOST should always work.
It would be useful if you run it in debug mode (-d -n) and post that output, too.

Rainer

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kaul, Ashutosh
> Sent: Thursday, August 16, 2007 3:14 PM
> To: rsyslog-users
> Subject: [rsyslog] Rsyslog /var/log/messages
>
> Hi all,
>
> I have installed and configured rsyslog-1.17.6 for a centralized
> syslog server, currently it's accepting syslogs at both UDP as well as
> TCP but when I check my /var/log/messages file I find that it doesn't
> log the hostname.
>
> Pasting one of the syslogs
> Aug 16 08:07:56 50091162 08/16/2007 07:08:03.390 ..truncated
>
> In place of 50091162 it should log the ip address.
>
> I did some initial research in which it was mentioned the template
> needs to have %FROMHOST% rather than %HOSTNAME% which I did but to no
> luck.
>
> http://www.rsyslog.com/PNphpBB2-viewtopic-t-101.phtml
>
> Thanks in advance for help.
>
> Regards,
> Ashutosh
>
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
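A check for the symptom reported in this thread, as an added example (not code from the posters or from rsyslog): it reads lines already written to a file such as /var/log/messages and reports entries where no host field sits between the receive timestamp and the device sequence number. The field layout is assumed from the samples quoted above, and the function names are hypothetical.

```python
import re

# Layout assumed from the lines quoted in this thread:
#   <receive time> [host] <device sequence> <device date> <device time> <text>
LINE_RE = re.compile(
    r"^(?P<received>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<host>\S+) )??"  # lazy: try "no host field" first, then a host token
    r"(?P<seq>\d+) "
    r"(?P<dev_date>\d{2}/\d{2}/\d{4}) (?P<dev_time>\d{2}:\d{2}:\d{2}\.\d{3})"
)


def parse(line):
    """Return the fields of one written log line, or None for another layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def lines_without_host(lines):
    """Return (line number, sequence id) for entries written with no host field."""
    missing = []
    for n, line in enumerate(lines, 1):
        fields = parse(line)
        if fields and fields["host"] is None:
            missing.append((n, fields["seq"]))
    return missing


# Lines copied from the thread; <HOSTNAME> is the poster's own placeholder.
SAMPLE = [
    "Aug 21 11:35:44 1672072 08/21/2007 11:35:05.830 SEV=4 CONFIG/17 RPT=18 "
    "Done writing configuration file, Success.",
    "Aug 21 11:34:13 <HOSTNAME> 1672023 08/21/2007 11:33:32.910 SEV=4 CONFIG/17 "
    "RPT=16 Done writing configuration file, Success.",
    "Aug 16 08:07:56 50091162 08/16/2007 07:08:03.390 ..truncated",
]

if __name__ == "__main__":
    for n, seq in lines_without_host(SAMPLE):
        print(f"line {n}: no host field, first token is device sequence {seq}")
```

On a central collector, entries flagged this way cannot be attributed to a sender from the file alone, so the count is worth tracking while the template is being corrected.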

