Hi David, thanks for you kind reply...:-) ! --- This didn't seem to get through to the archives for some reason...: http://lists.adiscon.net/pipermail/rsyslog/2012-January/thread.html Hope I will not dobbel-post... --- I don't use syslog-relays, so this will not cause me any problems. Don't actually know what version we are running - can see this Monday morning though... Thanks for this hint... will upgrade to 6.2 if not already then. I have to configure this into a already running live production system - our previous syslog-admin left...:-(. Could I perhaps ask you to be so kind as to give an configuration example of how this is done, if I ask really nicely... :-) ?
Thanks in advance :-) ! ~maymann 2012/1/13 <[email protected]> > you need to be aware that doing the DNS queries is rather expensive > (although I think I saw a comment that in the very latest 6.2 version there > may now be a DNS cache that will drastically help) > > you would need to create a template with FROMHOST in it and use that as > the filename to write to (look for dynafile in the documentation) > > note that if you are relaying logs from one machine to another, only the > first machine will see the true source in FROMHOST, machines after that > will only see the relay box. > > let me know if this doesn't give you enough clues to learn how to do this. > > David Lang > > On Fri, 13 Jan 2012, Michael Maymann wrote: > > Date: Fri, 13 Jan 2012 14:43:06 +0100 >> From: Michael Maymann <[email protected]> >> Reply-To: rsyslog-users <[email protected]> >> To: [email protected] >> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples >> >> >> Furthermore: would it be possible to validate FQDN from DNS and not from >> syslog-info hostname. >> We are getting a lot of weird logfiles as some applications are not >> including the hostname as the first parameter in the syslog-entries, e.g.: >> Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10 >> [issue_cmd ] STATUS: 1#012#01212/16/11 09:47:10 >> [issue_cmd ] RESULT:#012#01212/16/11 09:47:10 >> [issue_cmd ] #012#01212/16/11 09:47:10 [set_host_compat_list] >> #012#01212/16/11 09:47:10 [issue_cli_cmd ] command is >> '/opt/vmware/aam/bin/ftcli -domain vmware -cmd "SetUserData HostCompatList >> text /tmp/hostCompatList"'#012#**01212/16/11 09:47:40 >> >> Would be nice to validate FQDN from sender DNS query... >> >> Thanks in advance :-) ! >> ~maymann >> >> >> 2012/1/13 Michael Maymann <[email protected]> >> >> Hi List, >>> >>> I'm new to rsyslog/syslog in general. >>> >>> I would like to syslog from all my 100+ network devices. >>> Preferably I would like a FQDN.log file for each host (or a FQDN-dir >>> containing logs from this host if more logfiles per host are best >>> practice)... >>> >>> Can anyone give me an example of (or link to) best practice of this kind >>> of setup. >>> >>> >>> Thanks in advance :-) ! >>> >>> ~maymann >>> >>> ______________________________**_________________ >> rsyslog mailing list >> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >> >> ______________________________**_________________ > rsyslog mailing list > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> > http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
