That's why I am after the log samples :) I just termed a new acronym this afternoon: YAMSF - yet another malformed syslog format ;)
http://blog.gerhards.net/2009/02/calling-for-log-samples.html I try hard to get the fields right, but often this is impossible, resulting in the issues you see. Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of [email protected] > Sent: Friday, March 06, 2009 7:54 PM > To: rsyslog-users > Subject: Re: [rsyslog] properties not getting filled in correctly > > On Fri, 6 Mar 2009, [email protected] wrote: > > > I'm running into problems trying to do filtering. it looks as if the > log > > parsing is not properly filling in the properties. > > > > what I've run into so far > > > > when I use the property 'programname' the content that I see is what > I would > > expect in 'hostname' > > > > when I use the property 'hostname' the content that I see is what I > would > > expect in 'fromhost' > > > > I haven't checked all the other properties, but my guess is that > somehow > > rsyslog is off-by-one in filling them in. > > having said this, date, fromhost, and from-ip appear to be filled in > correctly. > > David Lang > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
