Hi, sure, let's give it a go...:-) !
~maymann

2012/2/4 <[email protected]>

> If Rainer creates the instrumented version it would still be good to see
> what's going on. I would say that for fromhost-ip to be '???' is always a
> bug, and if a failed DNS lookup makes the fromhost be '???' instead of the
> IP address, I would also consider that a bug.
>
> It would be good to track down what's actually happening here.
>
> David Lang
>
> On Sat, 4 Feb 2012, Michael Maymann wrote:
>
>> Hi,
>>
>> SOLVED...
>>
>> got it working...:-) !
>>
>> I enabled debugging (David: thanks for the hint) and this was one of the
>> entries:
>> ---
>> Debug line with all properties:
>> FROMHOST: '???', fromhost-ip: '???', HOSTNAME: '<IP>', PRI: 14,
>> syslogtag '00828', programname: '00828', APP-NAME: '00828', PROCID: '-', MSGID: '-',
>> TIMESTAMP: 'Feb 4 07:29:40', STRUCTURED-DATA: '-',
>> msg: ' lldp: PVID mismatch on port C2(VID 1)with peer device port 2(VID unknown)(769216)'
>> escaped msg: ' lldp: PVID mismatch on port C2(VID 1)with peer device port 2(VID unknown)(769216)'
>> inputname: imudp rawmsg: '<14> Feb 4 07:29:40 <IP> 00828 lldp: PVID mismatch on port C2(VID 1)with peer device port 2(VID unknown)(769216)'
>> ---
>> The <IP> from the last line was of course the same as in the logfiles...
>> I confuse this to be a client of a rsyslog-client twice... :-o !
>>
>> I could hereafter easily edit my /etc/rsyslog.conf respectively:
>> ---
>> #SET PRIVILEGES
>> $PreserveFQDN on
>> $PrivDropToGroup <GROUP>
>> $PrivDropToUser <USER>
>> $DirCreateMode 0750
>> $FileCreateMode 0640
>> $UMASK 0027
>>
>> #LOAD MODULES
>> $ModLoad imudp
>> $UDPServerRun 514
>> $UDPServerAddress 127.0.0.1
>> $ModLoad imtcp
>> $InputTCPServerRun 514
>>
>> #DEBUGMODE (disable "SET PRIVILEGES" & everything below + comment-in to enable...)
>> #*.info;mail.none;authpriv.none;cron.none /var/log/messages-debug;RSYSLOG_DebugFormat
>>
>> #SET DESTINATION FOR LOGS
>> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
>> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
>> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
>> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
>> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
>> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
>> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>>
>> $template DYNIPmessages,"<PATH_TO>/%HOSTNAME%/%HOSTNAME%_%$YEAR%.%$MONTH%_messages"
>> $template DYNIPsecure,"<PATH_TO>/%HOSTNAME%/%HOSTNAME%_%$YEAR%.%$MONTH%_secure"
>> $template DYNIPmaillog,"<PATH_TO>/%HOSTNAME%/%HOSTNAME%_%$YEAR%.%$MONTH%_maillog"
>> $template DYNIPcron,"<PATH_TO>/%HOSTNAME%/%HOSTNAME%_%$YEAR%.%$MONTH%_cron"
>> $template DYNIPspooler,"<PATH_TO>/%HOSTNAME%/%HOSTNAME%_%$YEAR%.%$MONTH%_spooler"
>> $template DYNIPboot,"<PATH_TO>/%HOSTNAME%/%HOSTNAME%_%$YEAR%.%$MONTH%_boot.log"
>> $template DYNIPtraps,"<PATH_TO>/%HOSTNAME%/%HOSTNAME%_%$YEAR%.%$MONTH%_traps"
>>
>> #SET LOGGING CONDITIONS
>> if $syslogseverity <= '6' and $fromhost != '???' then ?DYNmessages
>> if $syslogfacility-text == 'authpriv' and $fromhost != '???' then ?DYNsecure
>> if $syslogfacility-text == 'mail' and $fromhost != '???' then ?DYNmaillog
>> if $syslogfacility-text == 'cron' and $fromhost != '???' then ?DYNcron
>> if $syslogseverity-text == 'crit' and $fromhost != '???' then ?DYNspooler
>> if $syslogfacility-text == 'local7' and $fromhost != '???' then ?DYNboot
>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and $fromhost != '???' then ?DYNtraps
>>
>> if $syslogseverity <= '6' and $fromhost == '???' then ?DYNIPmessages
>> if $syslogfacility-text == 'authpriv' and $fromhost == '???' then ?DYNIPsecure
>> if $syslogfacility-text == 'mail' and $fromhost == '???' then ?DYNIPmaillog
>> if $syslogfacility-text == 'cron' and $fromhost == '???' then ?DYNIPcron
>> if $syslogseverity-text == 'crit' and $fromhost == '???' then ?DYNIPspooler
>> if $syslogfacility-text == 'local7' and $fromhost == '???' then ?DYNIPboot
>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and $fromhost == '???' then ?DYNIPtraps
>> ---
>>
>> David+Rainer: thanks for your help... much appreciated...:-) !
>>
>> Br.
>> ~maymann
>>
>> 2012/2/4 <[email protected]>
>>
>>> I was actually meaning for you to do this on the server where you are
>>> seeing the ??? show up.
>>>
>>> but this does show that the sending machine thinks it's doing everything
>>> correctly (assuming the <HOSTNAME> you put in the message below is actually
>>> correct)
>>>
>>> what I would want to see from the server log is one of the messages with
>>> the ??? in it that you are trying to fix.
>>>
>>> David Lang
>>>
>>> On Fri, 3 Feb 2012, Michael Maymann wrote:
>>>
>>>> Hi,
>>>>
>>>> David: thanks for your reply...:-) !
>>>>
>>>> This is not a known client causing the "???" entries - I don't know the
>>>> ip(s)/hostname(s), and this is why I would like to log IP instead of
>>>> hostname - as my guess is it is a network device without DNS entry...:-( !
>>>>
>>>> Can I troubleshoot on the server somehow similar... or was that the
>>>> intention all along...:-o !
>>>>
>>>> Here is the client-debug output anyways...:
>>>> # cat messages-debug
>>>> Debug line with all properties:
>>>> FROMHOST: '<HOSTNAME>', fromhost-ip: '127.0.0.1', HOSTNAME: '<HOSTNAME>', PRI: 6,
>>>> syslogtag 'kernel:', programname: 'kernel', APP-NAME: 'kernel', PROCID: '-', MSGID: '-',
>>>> TIMESTAMP: 'Feb 3 11:14:24', STRUCTURED-DATA: '-',
>>>> msg: 'imklog 4.6.2, log source = /proc/kmsg started.'
>>>> escaped msg: 'imklog 4.6.2, log source = /proc/kmsg started.'
>>>> rawmsg: 'imklog 4.6.2, log source = /proc/kmsg started.'
>>>>
>>>> Debug line with all properties:
>>>> FROMHOST: '<HOSTNAME>', fromhost-ip: '127.0.0.1', HOSTNAME: '<HOSTNAME>', PRI: 46,
>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: 'rsyslogd', PROCID: '-', MSGID: '-',
>>>> TIMESTAMP: 'Feb 3 11:14:24', STRUCTURED-DATA: '-',
>>>> msg: ' [origin software="rsyslogd" swVersion="4.6.2" x-pid="13432" x-info="http://www.rsyslog.com"] (re)start'
>>>> escaped msg: ' [origin software="rsyslogd" swVersion="4.6.2" x-pid="13432" x-info="http://www.rsyslog.com"] (re)start'
>>>> rawmsg: ' [origin software="rsyslogd" swVersion="4.6.2" x-pid="13432" x-info="http://www.rsyslog.com"] (re)start'
>>>>
>>>> Debug line with all properties:
>>>> FROMHOST: '<HOSTNAME>', fromhost-ip: '127.0.0.1', HOSTNAME: '<HOSTNAME>', PRI: 13,
>>>> syslogtag 'root:', programname: 'root', APP-NAME: 'root', PROCID: '-', MSGID: '-',
>>>> TIMESTAMP: 'Feb 3 11:14:30', STRUCTURED-DATA: '-',
>>>> msg: ' hej'
>>>> escaped msg: ' hej'
>>>> rawmsg: '<13>Feb 3 11:14:30 root: hej'
>>>>
>>>> Thanks in advance :-) !
>>>> ~maymann
>>>>
>>>> 2012/2/3 <[email protected]>
>>>>
>>>>> oops, that should have been RSYSLOG_DebugFormat template.
>>>>>
>>>>> David Lang
>>>>>
>>>>> On Thu, 2 Feb 2012, [email protected] wrote:
>>>>>
>>>>>> Date: Thu, 2 Feb 2012 22:44:46 -0800 (PST)
>>>>>> From: [email protected]
>>>>>> Reply-To: rsyslog-users <[email protected]>
>>>>>> To: rsyslog-users <[email protected]>
>>>>>> Subject: Re: [rsyslog] if %FROMHOST% == '???' then %FROMHOST% == %IP%
>>>>>>
>>>>>> what does one of these messages look like if you write it out with the
>>>>>> RSYSLOG_DEBUG template?
>>>>>>
>>>>>> David Lang
>>>>>>
>>>>>> On Fri, 3 Feb 2012, Michael Maymann wrote:
>>>>>>
>>>>>>> Date: Fri, 3 Feb 2012 07:00:26 +0100
>>>>>>> From: Michael Maymann <[email protected]>
>>>>>>> Reply-To: rsyslog-users <[email protected]>
>>>>>>> To: rsyslog-users <[email protected]>
>>>>>>> Subject: Re: [rsyslog] if %FROMHOST% == '???' then %FROMHOST% == %IP%
>>>>>>>
>>>>>>> Please... Anyone?
>>>>>>> On Feb 2, 2012 2:17 PM, "Michael Maymann" <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> got it started... but still ??? dir+logfiles are showing up...
>>>>>>>> This is now my rsyslog.conf:
>>>>>>>> #SET PRIVILEGES
>>>>>>>> $PreserveFQDN on
>>>>>>>> $PrivDropToGroup <GROUP>
>>>>>>>> $PrivDropToUser <USER>
>>>>>>>> $DirCreateMode 0750
>>>>>>>> $FileCreateMode 0640
>>>>>>>> $UMASK 0027
>>>>>>>>
>>>>>>>> #LOAD MODULES
>>>>>>>> $ModLoad imudp
>>>>>>>> $UDPServerRun 514
>>>>>>>> $UDPServerAddress 127.0.0.1
>>>>>>>> $ModLoad imtcp
>>>>>>>> $InputTCPServerRun 514
>>>>>>>>
>>>>>>>> #SET DESTINATION FOR LOGS
>>>>>>>> $template DYNmessages,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
>>>>>>>> $template DYNsecure,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
>>>>>>>> $template DYNmaillog,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
>>>>>>>> $template DYNcron,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
>>>>>>>> $template DYNspooler,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
>>>>>>>> $template DYNboot,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
>>>>>>>> $template DYNtraps,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>>>>>>>>
>>>>>>>> $template DYNIPmessages,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_messages"
>>>>>>>> $template DYNIPsecure,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_secure"
>>>>>>>> $template DYNIPmaillog,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_maillog"
>>>>>>>> $template DYNIPcron,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_cron"
>>>>>>>> $template DYNIPspooler,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_spooler"
>>>>>>>> $template DYNIPboot,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_boot.log"
>>>>>>>> $template DYNIPtraps,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_traps"
>>>>>>>>
>>>>>>>> #SET LOGGING CONDITIONS
>>>>>>>> if $syslogseverity <= '6' and $fromhost != '???' then ?DYNmessages
>>>>>>>> if $syslogfacility-text == 'authpriv' and $fromhost != '???' then ?DYNsecure
>>>>>>>> if $syslogfacility-text == 'mail' and $fromhost != '???' then ?DYNmaillog
>>>>>>>> if $syslogfacility-text == 'cron' and $fromhost != '???' then ?DYNcron
>>>>>>>> if $syslogseverity-text == 'crit' and $fromhost != '???' then ?DYNspooler
>>>>>>>> if $syslogfacility-text == 'local7' and $fromhost != '???' then ?DYNboot
>>>>>>>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and $fromhost != '???' then ?DYNtraps
>>>>>>>>
>>>>>>>> if $syslogseverity <= '6' and $fromhost == '???' then ?DYNIPmessages
>>>>>>>> if $syslogfacility-text == 'authpriv' and $fromhost == '???' then ?DYNIPsecure
>>>>>>>> if $syslogfacility-text == 'mail' and $fromhost == '???' then ?DYNIPmaillog
>>>>>>>> if $syslogfacility-text == 'cron' and $fromhost == '???' then ?DYNIPcron
>>>>>>>> if $syslogseverity-text == 'crit' and $fromhost == '???' then ?DYNIPspooler
>>>>>>>> if $syslogfacility-text == 'local7' and $fromhost == '???' then ?DYNIPboot
>>>>>>>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and $fromhost == '???' then ?DYNIPtraps
>>>>>>>>
>>>>>>>> I have tried with $fromhost, $fromhost-ip and $hostname - but all creates
>>>>>>>> ??? dir+files...
>>>>>>>> What variable should I use to handle this properly ?
>>>>>>>>
>>>>>>>> Thanks in advance :-) !
>>>>>>>> ~maymann
>>>>>>>>
>>>>>>>> 2012/2/2 Michael Maymann <[email protected]>
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> David: thanks for your reply...
>>>>>>>>> Here is my new rsyslog.conf:
>>>>>>>>> #SET PRIVILEGES
>>>>>>>>> $PreserveFQDN on
>>>>>>>>> $PrivDropToGroup <GROUP>
>>>>>>>>> $PrivDropToUser <USER>
>>>>>>>>> $DirCreateMode 0750
>>>>>>>>> $FileCreateMode 0640
>>>>>>>>> $UMASK 0027
>>>>>>>>>
>>>>>>>>> #LOAD MODULES
>>>>>>>>> $ModLoad imudp
>>>>>>>>> $UDPServerRun 514
>>>>>>>>> $UDPServerAddress 127.0.0.1
>>>>>>>>> $ModLoad imtcp
>>>>>>>>> $InputTCPServerRun 514
>>>>>>>>>
>>>>>>>>> #SET DESTINATION FOR LOGS
>>>>>>>>> $template DYNmessages,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
>>>>>>>>> $template DYNsecure,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
>>>>>>>>> $template DYNmaillog,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
>>>>>>>>> $template DYNcron,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
>>>>>>>>> $template DYNspooler,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
>>>>>>>>> $template DYNboot,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
>>>>>>>>> $template DYNtraps,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>>>>>>>>>
>>>>>>>>> $template DYNIPmessages,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_messages"
>>>>>>>>> $template DYNIPsecure,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_secure"
>>>>>>>>> $template DYNIPmaillog,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_maillog"
>>>>>>>>> $template DYNIPcron,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_cron"
>>>>>>>>> $template DYNIPspooler,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_spooler"
>>>>>>>>> $template DYNIPboot,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_boot.log"
>>>>>>>>> $template DYNIPtraps,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_traps"
>>>>>>>>>
>>>>>>>>> #SET LOGGING CONDITIONS
>>>>>>>>> if $syslogseverity <= '6' and %FROMHOST% != '???' then ?DYNmessages
>>>>>>>>> if $syslogfacility-text == 'authpriv' and %FROMHOST% != '???' then ?DYNsecure
>>>>>>>>> if $syslogfacility-text == 'mail' and %FROMHOST% != '???' then ?DYNmaillog
>>>>>>>>> if $syslogfacility-text == 'cron' and %FROMHOST% != '???' then ?DYNcron
>>>>>>>>> if $syslogseverity-text == 'crit' and %FROMHOST% != '???' then ?DYNspooler
>>>>>>>>> if $syslogfacility-text == 'local7' and %FROMHOST% != '???' then ?DYNboot
>>>>>>>>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and %FROMHOST% != '???' then ?DYNtraps
>>>>>>>>>
>>>>>>>>> if $syslogseverity <= '6' and %FROMHOST% == '???' then ?DYNIPmessages
>>>>>>>>> if $syslogfacility-text == 'authpriv' and %FROMHOST% == '???' then ?DYNIPsecure
>>>>>>>>> if $syslogfacility-text == 'mail' and %FROMHOST% == '???' then ?DYNIPmaillog
>>>>>>>>> if $syslogfacility-text == 'cron' and %FROMHOST% == '???' then ?DYNIPcron
>>>>>>>>> if $syslogseverity-text == 'crit' and %FROMHOST% == '???' then ?DYNIPspooler
>>>>>>>>> if $syslogfacility-text == 'local7' and %FROMHOST% == '???' then ?DYNIPboot
>>>>>>>>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and %FROMHOST% == '???' then ?DYNIPtraps
>>>>>>>>>
>>>>>>>>> but it fails...:
>>>>>>>>> # service rsyslog start
>>>>>>>>> Starting system logger: rsyslogd: run failed with error -2207 (see
>>>>>>>>> rsyslog.h or try http://www.rsyslog.com/e/2207 to learn what that number
>>>>>>>>> means)
>>>>>>>>> [ OK ]
>>>>>>>>>
>>>>>>>>> my guess is it is my %FROMHOST% == '???' - is this format correct or how
>>>>>>>>> is this done...
>>>>>>>>>
>>>>>>>>> Thanks in advance :-) !
>>>>>>>>> ~maymann
>>>>>>>>>
>>>>>>>>> 2012/2/1 <[email protected]>
>>>>>>>>>
>>>>>>>>>> On Wed, 1 Feb 2012, Michael Maymann wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I want to log information about hosts that are not logging with correct
>>>>>>>>>>> HOSTNAME.
>>>>>>>>>>> In my current setup, I get a dir "???" where these host(s) are logging
>>>>>>>>>>> to...
>>>>>>>>>>>
>>>>>>>>>>> I would like to change this to the hosts IP instead, something like:
>>>>>>>>>>> if %FROMHOST% == '???' then %FROMHOST% == %IP
>>>>>>>>>>
>>>>>>>>>> rsyslog cannot do what you are asking. It can't assign a value to a
>>>>>>>>>> property.
>>>>>>>>>>
>>>>>>>>>> what you can do is to setup a different template and then if %fromhost%
>>>>>>>>>> is your special pattern you can log with this different template.
>>>>>>>>>>
>>>>>>>>>> David Lang

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
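
Added example, not part of the original thread or of rsyslog itself: a small Python model of the final rule set in the SOLVED message, run against the server-side debug record quoted there, to show which files a record ends up in. The address 192.0.2.10 stands in for the redacted `<IP>`, the function names and the `safe_component` helper are assumptions of this example, and the 'WARNING' rule is modelled as severity 4.

```python
import re

# Constructed sample: the server-side debug record from the thread, with the
# redacted <IP> replaced by the documentation address 192.0.2.10.
SAMPLE = """Debug line with all properties:
FROMHOST: '???', fromhost-ip: '???', HOSTNAME: '192.0.2.10', PRI: 14,
syslogtag '00828', programname: '00828', APP-NAME: '00828', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Feb 4 07:29:40', STRUCTURED-DATA: '-',
msg: ' lldp: PVID mismatch on port C2(VID 1)with peer device port 2(VID unknown)(769216)'
"""

BASE = "<PATH_TO>"                                        # placeholder kept from the thread
MAIL, CRON, AUTHPRIV, LOCAL6, LOCAL7 = 2, 9, 10, 22, 23   # syslog facility codes
CRIT, WARNING, INFO = 2, 4, 6                             # syslog severity codes

# (file suffix, predicate) pairs mirroring the "SET LOGGING CONDITIONS" block.
# Every rule is evaluated; nothing discards a record after its first match.
RULES = [
    ("messages", lambda f, s: s <= INFO),
    ("secure",   lambda f, s: f == AUTHPRIV),
    ("maillog",  lambda f, s: f == MAIL),
    ("cron",     lambda f, s: f == CRON),
    ("spooler",  lambda f, s: s == CRIT),
    ("boot.log", lambda f, s: f == LOCAL7),
    ("traps",    lambda f, s: f == LOCAL6 and s == WARNING),
]


def parse_debug_record(text):
    """Extract the properties the routing rules use from one debug record."""
    props = {k.lower(): v for k, v in re.findall(r"([A-Za-z-]+): '([^']*)'", text)}
    pri = int(re.search(r"PRI: (\d+)", text).group(1))
    # PRI = facility * 8 + severity
    props["facility"], props["severity"] = divmod(pri, 8)
    return props


def safe_component(name):
    """Reduce a sender-supplied name to a single harmless path component.

    Assumption of this example, not in the thread's config: HOSTNAME is parsed
    from the message text, so it is cleaned before being used in a path.
    """
    cleaned = re.sub(r"[^A-Za-z0-9._-]", "_", name)
    return "_" if cleaned.strip(".") == "" else cleaned


def source_dir(props):
    """FROMHOST when the server resolved it, otherwise HOSTNAME (final config)."""
    name = props["fromhost"] if props["fromhost"] != "???" else props["hostname"]
    return safe_component(name)


def destinations(props, year, month):
    """Return every file the record is written to under the final rule set."""
    host = source_dir(props)
    return [f"{BASE}/{host}/{host}_{year}.{month:02d}_{suffix}"
            for suffix, match in RULES
            if match(props["facility"], props["severity"])]


if __name__ == "__main__":
    for path in destinations(parse_debug_record(SAMPLE), 2012, 2):
        print(path)
```

In this model an authpriv record at severity info lands in both the `_messages` and `_secure` files, because the severity rule carries no facility exclusions, unlike the commented-out `*.info;mail.none;authpriv.none;cron.none` selector.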

