On 01/17/2011 02:23 AM, [email protected] wrote:
look at /etc/hosts on the client. see if you have the short name or
long name listed first.
If you have the short name listed first, try switching it to long name
first. (when looking something up in /etc/hosts by IP, you get the
first name on the list)
If this doesn't work, then what I suspect is happening is that the
sending system is putting just it's hostname in the logs when it
sends. some distros let you put a FQDN in the /etc/hostnames file
without problems. If your distro lets you do this, try doing that and
see if this then changes what's getting logged by rsyslog.
The third thing you can try is on the server, change it from using the
default template that logs %HOSTNAME%, which is the name the client
puts in the log to %FROMHOST%, which is the name (looked up from the
IP) of the machine that sent the log packet to the receiving rsyslog
David Lang
So, I just realized FROMHOST won't work since I am using SSL via
stunnel, which makes all messages look like they came from 127.0.0.1.
--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com