David, Thanks, I think you're right:
<14>Jul 2 21:25:38 HOSTNAME log message vs <149>customer:[<0.20341.5496>] IPADDR log message The latter is the message that our server is sending. -Joe On Jul 7, 2010, at 10:27 AM, [email protected] wrote: > On Wed, 7 Jul 2010, Joe Williams wrote: > >> I have a couple services (haproxy and homegrown erlang stuff) that log >> directly to my rsyslog server. With these services I found that they log >> the reverse DNS rather than the hostname but with the logs that come >> from actual rsyslog clients they show up as one would expect with the >> real hostname, like what is returned from the "hostname" command. I've >> tried a few different things with "-x" and fromhost vs hostname and >> can't seem to get anything other than either an IP or a rDNS. Any >> suggestions? Do I need to include more information in the messages I >> send to rsyslog or perhaps adjust a config? > > probably what is happening is that your server is not sending a properly > formatted syslog message to rsyslog, so it is figuring out the info > itself. > > try setting up a format with %raw% in it (the raw message that rsyslog > receives) and look at it. > > it _should_ be in the format > > <number> HH:MM:SS hostname syslogtag message > > I suspect that you are not getting the data in that format so rsyslog > isn't recognising the hostname from the syslog message, so is having to > fall back on IP address or reverse DNS. > > David Lang > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com Name: Joseph A. Williams Email: [email protected] Blog: http://www.joeandmotorboat.com/ Twitter: http://twitter.com/williamsjoe _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
