I think the incoming message is illformed. For background, read this: http://www.rsyslog.com/doc/syslog_parsing.html
You can create a file via *.* /path/to/file;RSYSLOG_DebugFormat And post the rawmsg output. Then we can probably suggest a solution. But, as said in the paper, the proper solutions are to configure the device to emit correct messages or create a custom parser if that's not possible. Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Brano > Sent: Friday, April 08, 2011 4:39 AM > To: [email protected] > Subject: [rsyslog] Hostname missing from logs > > I've recently switched from syslogd to rsyslogd on CentOS 5.5 due to > need of granular network logging. > However, I've noticed one issue with my remote log. > > I'm logging from remote host called usg200 (defined in local hostfile). > It is ZyXel USG200 router. > > With syslogd the messages in log were like this one > Apr 3 21:27:43 *usg200* domain.com src="76.10.x.x:500" > dst="76.10.x.x:500" msg="The cookie pair is : 0x6f28d9b0e98a895a / > 0x3bfec > fd059520966" note="IKE_LOG" user="unknown" devID="0019cb7273a4" > cat="IKE" > > With rsyslog the messages are like this > Apr 6 14:21:04 domain.com src="76.10.x.x: 500" dst="76.10.x.x:500" > msg="Recv:[HASH][NOTFY:R_U_THERE]" note="IKE_LOG" user="unknown" > devID="0019cb7273a4" cat="IKE" > > Notice the usg200 hostname in rsyslog just after date is missing. I > need > to get it back. Any advice highly appreciated. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
