On Mon, 26 Jul 2010, Rainer Gerhards wrote:

> Hi David,
>
> I have just checked immark, it uses a function to log internal messages (that
> alone is questionable, but stems back to its history). However, this function
> should properly populate hostname, so it looks like something else is broken.
> Will check and keep you updated.

You may need to explicitly check what happens when -x is provided.

David Lang


> Thanks for the info,
> Rainer
>
>> -----Original Message-----
>> From: [email protected] [mailto:rsyslog-
>> [email protected]] On Behalf Of [email protected]
>> Sent: Saturday, July 24, 2010 6:57 AM
>> To: rsyslog-users
>> Subject: [rsyslog] mark messages
>>
>> I have a server sending me bad data, so I implemented the following rule to
>> trap log messages where the hostname isn't an IP address or name:
>>
>> :hostname, regex, "[a-zA-Z\.]" /file
>> & ~
>> *.* /file2;fixformat
>>
>> Unfortunately it turns out that this also traps mark messages.
>>
>> The %rawmsg% for mark is just "-- MARK --" and apparently hostname is not
>> populated (fromhost-ip is 127.0.0.1).
>>
>> I do have -x on the rsyslog command line, so it is not doing DNS
>> resolution, but it should come up with either the local hostname or
>> 127.0.0.1 as the hostname for locally generated messages. Either one of
>> these would match my regex as being a 'normal' message
>>
>> This box is currently running 5.5.3
>>
>> David Lang
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com