-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi All,
I've utilized rsyslog as my company's central logging server for half a year. Today I encounterd a very weird issue about value of fromhost property. We use dynamic templates to store logs from clients. The template is like below: $template d_hosts,"/var/rsyslog/HOSTS/%fromhost%/%$year%/%$month%/%syslogfacility-text%_%fromhost%_%$year%_%$month%_%$day %.log" You can see we group logs by fromhost value. Today, I did 3 times test that a client named (sobek) sent logs to central logging server by UDP, TCP and RELP. The FQDN of client node is "sobek.net-m.internal", short name is "sobek", ip address is "172.21.101.13". After testing, I got when sending via UDP, the fromhost value is short name. And via TCP, the value is FQDN. Via RELP, the value is IP address. So I got a very weird directory organization at "/var/rsyslog/HOSTS". ########################################################################## drwxr-x--- 3 root syslog 80 Feb 27 07:24 172.21.101.13 <- RELP drwxr-x--- 3 root syslog 80 Feb 27 05:58 sobek <- UDP drwxr-x--- 3 root syslog 80 Feb 27 06:03 sobek.net-m.internal <- TCP ########################################################################## We are running rsyslog 3.20.0 both on client and server. So I wanna know if any other has encountered this before? Thanks, Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJp49ckHhYtFevC+MRApbbAJ9Dgxtw5mf+ax9D81OZPfh5E9aJPgCdEqF/ FlkFDJpWr4k6pVV4AQiLhRw= =cQzr -----END PGP SIGNATURE----- _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
