Hi David, I have just checked immark, it uses a function to log internal messages (that alone is questionable, but stems back to its history). However, this function should properly populate hostname, so it looks like something else is broken. Will check and keep you updated.
Thanks for the info,
Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of [email protected]
> Sent: Saturday, July 24, 2010 6:57 AM
> To: rsyslog-users
> Subject: [rsyslog] mark messages
>
> I have a server sending me bad data, so I implemented the following rule to
> trap log messages where the hostname isn't an IP address or name
>
> :hostname, regex, "[a-zA-Z\.]" /file
> & ~
> *.* /file2;fixformat
>
> unfortunately it turns out that this also traps mark messages.
>
> the %rawmsg% for mark is just "-- MARK --" and apparently hostname is not
> populated (fromhost-ip is 127.0.0.1)
>
> I do have -x on the rsyslog command line, so it is not doing DNS
> resolution, but it should come up with either the local hostname or
> 127.0.0.1 as the hostname for locally generated messages. Either one of
> these would match my regex as being a 'normal' message
>
> This box is currently running 5.5.3
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com

