Rainer Gerhards wrote: > I'd still go for debug mode. You don't need to run it very long. We just > need to see how a few of these messages are fully processed. A proper > test setup would be to start up in debug mode with the network cable > pulled, then plug it in for a second or two, then unplug it again. Once > rsyslogd is finished processing, stop it. That should lead to useful > info in the debug log. > > Oh - and are you sure that fromhost has the proper IP addresses? If not > 100% sure, verify it by putting something like '%FROMHOST%' into a debug > template (note that there is also FROMHOST-IP, which will have the IP > address no matter if names are resolved or not).
I like the debug template idea, that's genius. Is there a way to have a bunch of filters to catch assorted things, and then an "everything leftover" filter? ------------------------------------------------------------------------ # Mail servers log to their special section $FileCreateMode 0644 :FROMHOST, isequal, "magenta" -?magic-mail :FROMHOST, isequal, "cyan" -?magic-mail :FROMHOST, isequal, "orange" -?magic-mail # Firewalls :FROMHOST, isequal, "yin" -?firewall :FROMHOST, isequal, "yang" -?firewall # Everything that didn't get caught by one of the above filters (I have no idea what the syntax would be) _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
