On Thu, 18 Dec 2008, Rainer Gerhards wrote: > On Thu, 2008-12-18 at 11:59 -0800, Scott Baker wrote: >> I have the following entry in my rsyslog conf, to match entries based on IP >> address. Somehow it's not matching any entries. >> >> # Switches >> $FileCreateMode 0644 >> :FROMHOST, isequal, "65.182.224.13" -?switches # Necalea >> :FROMHOST, isequal, "65.182.224.202" -?switches >> :FROMHOST, isequal, "66.206.80.60" -?switches > > Oh - and are you sure that fromhost has the proper IP addresses? If not > 100% sure, verify it by putting something like '%FROMHOST%' into a debug > template (note that there is also FROMHOST-IP, which will have the IP > address no matter if names are resolved or not).
I was seeing some issues where the fromhost was not getting set properly, I'll have to go back and dig up the details, but I think I was seeing it use the localhost as the fromhost and putting the real fromhost information in the message. I found it by creating an output format that I could tweak and playing with it to see what was actually showing up in the various parameters. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
