David, have you seen my other message where I asked to check all properties?
Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of [email protected] > Sent: Monday, July 26, 2010 8:26 PM > To: rsyslog-users > Subject: Re: [rsyslog] mark messages > > On Mon, 26 Jul 2010, Rainer Gerhards wrote: > > > Hi David, > > > > I have just checked immark, it uses a function to log internal > messages (that > > alone is questionable, but stems back to its history). However, this > function > > should properly populate hostname, so it looks like something else is > broken. > > Will check and keep you updated. > > you may need to explicitly check what happens when -x is provided. > > David Lang > > > > Thanks for the info, > > Rainer > > > >> -----Original Message----- > >> From: [email protected] [mailto:rsyslog- > >> [email protected]] On Behalf Of [email protected] > >> Sent: Saturday, July 24, 2010 6:57 AM > >> To: rsyslog-users > >> Subject: [rsyslog] mark messages > >> > >> I have a server sending me bad data, so I implmented the following > rule > >> to > >> trap log messaages where the hostname isn't an IP address or name > >> > >> :hostname, regex, "[a-zA-Z\.]" /file > >> & ~ > >> *.* /file2;fixformat > >> > >> unfortunantly it turns out that this also traps mark messages. > >> > >> the %rawmsg% for mark is just "-- MARK --" and apparently hostname > is > >> not > >> populated (fromhost-ip is 127.0.0.1) > >> > >> I do have -x on the rsyslog command line, so it is not doing DNS > >> resolution, but it should come up with either the local hostname or > >> 127.0.0.1 as the hostname for locally generated messages. Either one > of > >> these would match my regex as being a 'normal' message > >> > >> This box is currently running 5.5.3 > >> > >> David Lang > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
