Scott, So now a bit more in-depth: the HOSTNAME is taken form the syslog message, while FROMHOST is the last hope. There is only a difference in relay scenarios - or, like here, based on DNS resolution. This is why you see different values. The point is to match against the same one that is used in the catchall rule.
However, I think the most appropriate thing to do is add a FROMHOST-IP property, which always has the IP address of the sender, no matter if the -x option is given or not. Would that help? Rainer > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Rainer Gerhards > Sent: Monday, December 24, 2007 7:59 PM > To: rsyslog-users > Subject: Re: [rsyslog] Hostname matching with DNS > > Really quick: check the HOSTNAME (or so ;)) property. > > ----- Ursprüngliche Nachricht ----- > Von: "Scott Baker" <[EMAIL PROTECTED]> > An: "rsyslog-users" <[email protected]> > Gesendet: 24.12.07 19:10 > Betreff: [rsyslog] Hostname matching with DNS > > I have a couple host on private IPs 10.x.x.x and thus they have no > DNS entries. So rather that log the IP in syslog I setup host > entries for them. > > If I do something like > > :FROMHOST, isequal, "foobar" -?dialup > > it doesn't match the /etc/hosts entry I have for foobar. If I setup > a catchall entry that goes to a test log I see the line > > Dec 24 10:06:23 foobar [This is the message] > > So it's logging the hostname like I would expect it to (rsyslog is > aware of the host entry) but I can't match against it? Unfortunately > my server is SUPER busy now and I can't put the server in debug mode > to check what's coming across. Is there another way I could > check this? > > -- > Scott Baker - Canby Telcom > RHCE - System Administrator - 503.266.8253 > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
