On Thu, 8 Oct 2009, RB wrote:

> On Thu, Oct 8, 2009 at 13:10, Dag Wieers <[email protected]> wrote:
>
>> Also, I have noticed that our central rsyslog-server (more than 400
>> systems log to it) has directories with names like: Detected/, exiting/,
>> ext3_abort/, EXT3-fs/, journal/, last/, martian/, program/, Remounting/,
>> Restarting/, ... So it is obvious that something is not working as
>> expected coming from the kernel.
>
> More than likely because you're trying to make directories based on
> the %hostname% property, which rsyslog assumes is a specific field.
> With the sloppier daemons (FreeBSD in particular), I've had far more
> luck using the %fromhost-ip% property (as well as the $ system
> properties for timestamps). Of course, that breaks down if you're
> doing relaying, but relying on values the other end sends you to
> create filesystem artifacts is dangerous at best anyway

You are correct, that is exactly what we do. However, with rsyslog v2.0.6 it
seems there is no %FROMHOST-IP% and the %FROMHOST% property only contains the
IP address. Maybe there is something else I need to do to get the short
hostname from DNS, rather than an IP, on rsyslog v2?

>> but of course I cannot influence our production kernels to do the right
>> thing. What can I do to have rsyslog accept the "wrong" thing ? :)
>
> Use %fromhost% or %fromhost-ip% to make the directory
> structures/filenames, and make a custom format if you need to handle
> the remaining lack of data (again, timestamp & host). I'm sure there
> are many other ways to approach it, but that's the way I've solved it.

Thanks for the feedback. I hope more people can chime into this.

-- 
--   dag wieers,  [email protected],  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
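
An added example, not part of the original thread and not rsyslog's own parser: a simplified Python model of why naming directories after the claimed hostname field yields entries such as EXT3-fs/ and martian/, next to a variant that names them from the peer address as suggested above. The sample lines, the `inventory` mapping and all function names are constructed for illustration.

```python
import ipaddress
import re
from pathlib import PurePosixPath

# Constructed sample datagrams as (peer address, raw line). Only the first
# carries a timestamp and hostname; the other two are kernel-style lines
# that lack both, so their first word sits where a hostname is expected.
SAMPLES = [
    ("192.0.2.10", "<13>Oct  8 13:10:01 web01 sshd[311]: session opened"),
    ("192.0.2.11", "<4>EXT3-fs error (device sda1): ext3_abort called"),
    ("192.0.2.12", "<4>martian source 198.51.100.7 from 203.0.113.9"),
]

# Simplified header model (assumption): optional timestamp, then one token.
HEADER = re.compile(r"^<\d{1,3}>(?:[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )?(\S+)")

def claimed_hostname(line):
    """Return the sender-supplied token in the hostname position, or None."""
    m = HEADER.match(line)
    return m.group(1) if m else None

def naive_dir(base, line):
    """Directory named after whatever the message claims (the failure mode)."""
    return str(PurePosixPath(base) / (claimed_hostname(line) or "unknown"))

def peer_dir(base, peer_ip, line, inventory):
    """Directory named from the connection, not from message content.

    inventory maps peer address -> expected short hostname (hypothetical,
    locally maintained). The claimed name is used only when it matches."""
    ip = str(ipaddress.ip_address(peer_ip))  # ValueError on a malformed peer
    name = claimed_hostname(line)
    leaf = name if name and inventory.get(ip) == name else ip.replace(":", "_")
    return str(PurePosixPath(base) / leaf)

if __name__ == "__main__":
    inventory = {"192.0.2.10": "web01"}
    for peer, line in SAMPLES:
        print(naive_dir("/var/log/remote", line), "->",
              peer_dir("/var/log/remote", peer, line, inventory))
```

As noted in the thread, the peer address identifies the relay rather than the originating host when messages are forwarded, so a relayed setup needs the mapping applied at the first hop.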

