On Sat, 14 Jan 2012, Michael Maymann wrote:
Hi David,
thanks for this...this is super info...:-) !
If I have to create different logs per host, will this be the a valid
configuration:
$template DynaFile_messages,?/logfiles_on_nfs/%HOSTNAME%/messages?
*.* -?DynaFile_messages
$template DynaFile_secure,?/logfiles_on_nfs/%HOSTNAME%/secure?
*.* -?DynaFile_secure
$template DynaFile_auth.log,?/logfiles_on_nfs/%HOSTNAME%/auth.log?
*.* -?DynaFile_auth.log
I believe so.
1. Will rsyslog automatically create the %HOSTNAME% dir's or do I have to
create every hosts dir upfront... ?
it will create it for you (make sure it's running with the appropriate
permissions, if you have rsyslog configured to drop privileges, the lower
privileges need the ability to create the directories)
2. Is DNS caching default enabled or do I have to enable this somewhere
first...?
I don't know, I haven't had a chance to look into that yet.
David Lang
Thanks in advance :-) !
~maymann
2012/1/14 <[email protected]>
http://rsyslog.com/article60/
David Lang
On Sat, 14 Jan 2012, Michael Maymann wrote:
Date: Sat, 14 Jan 2012 07:23:57 +0100
From: Michael Maymann <[email protected]>
To: rsyslog-users <[email protected]>, [email protected],
Michael Maymann <[email protected]>
Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples
Hi David,
thanks for you kind reply...:-) !
---
This didn't seem to get through to the archives for some reason...:
http://lists.adiscon.net/**pipermail/rsyslog/2012-**January/thread.html<http://lists.adiscon.net/pipermail/rsyslog/2012-January/thread.html>
Hope I will not dobbel-post...
---
I don't use syslog-relays, so this will not cause me any problems.
Don't actually know what version we are running - can see this Monday
morning though... Thanks for this hint... will upgrade to 6.2 if not
already then.
I have to configure this into a already running live production system -
our previous syslog-admin left...:-(.
Could I perhaps ask you to be so kind as to give an configuration example
of how this is done, if I ask really nicely... :-) ?
Thanks in advance :-) !
~maymann
2012/1/13 <[email protected]>
you need to be aware that doing the DNS queries is rather expensive
(although I think I saw a comment that in the very latest 6.2 version
there
may now be a DNS cache that will drastically help)
you would need to create a template with FROMHOST in it and use that as
the filename to write to (look for dynafile in the documentation)
note that if you are relaying logs from one machine to another, only the
first machine will see the true source in FROMHOST, machines after that
will only see the relay box.
let me know if this doesn't give you enough clues to learn how to do
this.
David Lang
On Fri, 13 Jan 2012, Michael Maymann wrote:
Date: Fri, 13 Jan 2012 14:43:06 +0100
From: Michael Maymann <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
howto/links/examples
Furthermore: would it be possible to validate FQDN from DNS and not from
syslog-info hostname.
We are getting a lot of weird logfiles as some applications are not
including the hostname as the first parameter in the syslog-entries,
e.g.:
Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10
[issue_cmd ] STATUS: 1#012#01212/16/11 09:47:10
[issue_cmd ] RESULT:#012#01212/16/11 09:47:10
[issue_cmd ] #012#01212/16/11 09:47:10 [set_host_compat_list]
#012#01212/16/11 09:47:10 [issue_cli_cmd ] command is
'/opt/vmware/aam/bin/ftcli -domain vmware -cmd "SetUserData
HostCompatList
text /tmp/hostCompatList"'#012#****01212/16/11 09:47:40
Would be nice to validate FQDN from sender DNS query...
Thanks in advance :-) !
~maymann
2012/1/13 Michael Maymann <[email protected]>
Hi List,
I'm new to rsyslog/syslog in general.
I would like to syslog from all my 100+ network devices.
Preferably I would like a FQDN.log file for each host (or a FQDN-dir
containing logs from this host if more logfiles per host are best
practice)...
Can anyone give me an example of (or link to) best practice of this
kind
of setup.
Thanks in advance :-) !
~maymann
______________________________****_________________
rsyslog mailing list
http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog>
<http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/>
<http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/>
______________________________****_________________
rsyslog mailing list
http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog>
<http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/>
<http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
