Unfortunately, 2.0.6 is a very old and deprecated version. I really don't dig any longer into that code base (except, of course, for folks with support contracts). It really is not worth the hassle. You'll run into a couple of issues in the long term. I suggest upgrading at least to v3-stable. Project status is here:
http://www.rsyslog.com/doc-status.html Sorry I have no better reply, Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Dag Wieers > Sent: Friday, October 09, 2009 2:38 PM > To: rsyslog-users > Subject: Re: [rsyslog] Wrongly formatted messages from > kernel/netconsole > > On Thu, 8 Oct 2009, RB wrote: > > > On Thu, Oct 8, 2009 at 13:10, Dag Wieers <[email protected]> wrote: > > > >> Also, I have noticed that our central rsyslog-server (more than 400 > >> systems log to it) have directories with names like: Detected/, > exiting/, > >> ext3_abort/, EXT3-fs/, journal/, last/, martian/, program/, > Remounting/, > >> Restarting/, ... So it is obvious that something is not working as > >> expected coming from the kernel. > > > > More than likely because you're trying to make directories based on > > the %hostname% property, which rsyslog assumes is a specific field. > > With the sloppier daemons (FreeBSD in particular), I've had far more > > luck using the %fromhost-ip% property (as well as the $ system > > properties for timestamps). Of course, that breaks down if you're > > doing relaying, but relying on values the other end sends you to > > create filesystem artifacts is dangerous at best anyway > > You are correct, that is exactly what we do. However with rsyslog > v2.0.6 > it seems there is no %FROMHOST-IP% and the %FROMHOST% property only > contains the IP address. Maybe there is something else I need to do to > get > the short hostname from DNS, rather than an IP on rsyslog v2 ? > > > >> but of course I cannot influence our production kernels to do the > right > >> thing. What can I do to have rsyslog accept the "wrong" thing ? :) > > > > Use %fromhost% or %fromhost-ip% to make the directory > > structures/filenames, and make a custom format if you need to handle > > the remaning lack of data (again, timestamp & host). I'm sure there > > are many other ways to approach it, but that's the way I've solved > it. > > Thanks for the feedback. I hope more people can chime into this. > > -- > -- dag wieers, [email protected], http://dag.wieers.com/ -- > [Any errors in spelling, tact or fact are transmission errors] > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
