On Wed, 7 Jul 2010, Joe Williams wrote:

> David,
>
> Thanks, I think you're right:
>
> <14>Jul  2 21:25:38 HOSTNAME log message
>
> vs
>
> <149>customer:[<0.20341.5496>] IPADDR log message
>
> The latter is the message that our server is sending.

yep, there's no timestamp or hostname in the message. This is a fairly 
common way to malform syslog messages, and the standard thing to do is to 
use the current time as the timestamp and use the IP address (or reverse 
DNS lookup) as the hostname

if you can get the server to change its log format you should start seeing 
the hostname correctly, short of this you have to settle for what you can 
get from the IP address.

David Lang

> -Joe
>
>
> On Jul 7, 2010, at 10:27 AM, [email protected] wrote:
>
>> On Wed, 7 Jul 2010, Joe Williams wrote:
>>
>>> I have a couple services (haproxy and homegrown erlang stuff) that log
>>> directly to my rsyslog server. With these services I found that they log
>>> the reverse DNS rather than the hostname but with the logs that come
>>> from actual rsyslog clients they show up as one would expect with the
>>> real hostname, like what is returned from the "hostname" command. I've
>>> tried a few different things with "-x" and fromhost vs hostname and
>>> can't seem to get anything other than either an IP or a rDNS. Any
>>> suggestions? Do I need to include more information in the messages I
>>> send to rsyslog or perhaps adjust a config?
>>
>> probably what is happening is that your server is not sending a properly
>> formatted syslog message to rsyslog, so it is figuring out the info
>> itself.
>>
>> try setting up a format with %raw% in it (the raw message that rsyslog
>> receives) and look at it.
>>
>> it _should_ be in the format
>>
>> <number> HH:MM:SS hostname syslogtag message
>>
>> I suspect that you are not getting the data in that format so rsyslog
>> isn't recognising the hostname from the syslog message, so is having to
>> fall back on IP address or reverse DNS.
>>
>> David Lang
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com
>
> Name: Joseph A. Williams
> Email: [email protected]
> Blog: http://www.joeandmotorboat.com/
> Twitter: http://twitter.com/williamsjoe
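The fallback discussed in this thread, as an added example that is not part of the original messages and is not rsyslog's own parser: it checks for the timestamp and hostname after `<PRI>` and, when they are missing, substitutes the receive time and the sender's address. The sender address `192.0.2.10` and the receive time are constructed values; the two sample lines are the ones quoted in the thread.

```python
import re
from datetime import datetime

# <PRI>, then an optional "Mmm dd hh:mm:ss HOSTNAME " header, then the rest.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) )?"
    r"(?P<rest>.*)$",
    re.DOTALL,
)


def parse_syslog(raw, sender_ip, received_at):
    """Parse one received message, filling header gaps from receiver-side data."""
    # Defaults are what the receiver knows on its own: arrival time and peer address.
    record = {"facility": None, "severity": None, "timestamp": received_at,
              "hostname": sender_ip, "message": raw, "header_from_sender": False}
    m = SYSLOG_RE.match(raw)
    if m is None or int(m["pri"]) > 191:
        return record  # no usable <PRI>: keep the payload untouched
    record["facility"], record["severity"] = divmod(int(m["pri"]), 8)
    record["message"] = m["rest"]
    if m["ts"] is not None:
        try:
            # The header timestamp has no year; assume the year of receipt.
            ts = datetime.strptime(f"{received_at.year} {m['ts']}",
                                   "%Y %b %d %H:%M:%S")
        except ValueError:  # e.g. "Feb 30": treat the message as header-less
            record["message"] = raw[m.end("pri") + 1:]
            return record
        record["timestamp"] = ts
        record["hostname"] = m["host"]
        # Hostname and time came from the sender, not from the receiver.
        record["header_from_sender"] = True
    return record


if __name__ == "__main__":
    rx = datetime(2010, 7, 7, 10, 27, 0)  # constructed receive time
    for line in ("<14>Jul  2 21:25:38 HOSTNAME log message",
                 "<149>customer:[<0.20341.5496>] IPADDR log message"):
        # 192.0.2.10 is a constructed sender address
        print(parse_syslog(line, "192.0.2.10", rx))
```

The `header_from_sender` flag records whether the hostname and timestamp were supplied by the sending application or filled in by the receiver.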