On Thu, Feb 26, 2009 at 23:59, Patrick Shen <[email protected]> wrote: > You can see we group logs by fromhost value. > > Today, I did 3 times test that a client named (sobek) sent logs to > central logging server by UDP, TCP and RELP. > > The FQDN of client node is "sobek.net-m.internal", short name is > "sobek", ip address is "172.21.101.13". > > After testing, I got when sending via UDP, the fromhost value is short > name. And via TCP, the value is FQDN. Via RELP, the value is IP address. > > So I got a very weird directory organization at "/var/rsyslog/HOSTS". > > ########################################################################## > drwxr-x--- 3 root syslog 80 Feb 27 07:24 172.21.101.13 <- RELP > drwxr-x--- 3 root syslog 80 Feb 27 05:58 sobek <- UDP > drwxr-x--- 3 root syslog 80 Feb 27 06:03 sobek.net-m.internal <- TCP > ##########################################################################
I've tried something similar and eventually gave up and started using the 'fromhost-ip' property to create per-sender templates. Of course, fromhost* falls down once you have relays in the mix, but that's another problem to solve. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
