> -----Original Message-----
> From: Michael Maymann [mailto:[email protected]]
> Sent: Monday, February 13, 2012 1:25 PM
> To: Rainer Gerhards
> Cc: rsyslog-users
> Subject: Re: rsyslog tarball
> 
> Hi,
> 
> Rainer: thanks - the fix you sent me seems to work...:-) at least on
> hosts sending their IP... - unfortunately not all legacy syslog clients
> do..:-( !
> 
> I tried to restart syslog again on the host that caused "???" before,
> but I am still unable to find either IP or hostname in the log...
> 
> 
> is FROMHOST based on:
> 1. dns-lookup of the IP inside the transmitted IP-packet ?
> 
> or
> 2. dns-lookup of what it states as its IP/hostname inside syslog-message ?
> 

Neither. It's just the remote peer (taken from the IP header). It's not taken
from a syslog header field. If you use DNS reverse resolution, it's the name,
else the IP address.

> 
> I would prefer 1., as this would always be right - except if you're in a
> NAT'ed environment...
> Preferably NAT could be auto-detected (could it be: if traffic is
> coming from syslog-server LAN or syslog-server default-GW then the
> client is not NAT'ed ?) or alternatively IPPacketIP/IPPacketFromHost
> (nslookup of IPPacketIP) variables could be added and used if it fits
> one's environment... ?

The best route is to make sure all syslogds emit proper RFC3164 or RFC5424
format and simply use HOSTNAME. (you may also look at [1] for NAT and
non-rsyslog).

Rainer
[1] http://www.rsyslog.com/article19/
> 
> 
> Br.
> ~maymann
> 
> 
> 2012/2/7 Rainer Gerhards <[email protected]>
> 
> 
>       That's a regular log file [in RSYSLOG_DebugForm], showing the log messages as
>       you received them. That's not a debug log that shows rsyslog processing. To
>       create the latter, do the same procedure that you used to create the content
>       of your mail I received at 8:43am today. *That* was a debug log. Look at the
>       content of both of your mails and you will immediately notice the difference.
> 
>       Please also keep the mailing list CCed...
> 
> 
>       Rainer
> 
>       > -----Original Message-----
>       > From: Michael Maymann [mailto:[email protected]]
> 
>       > Sent: Tuesday, February 07, 2012 10:28 AM
>       > To: Rainer Gerhards
>       > Subject: Re: rsyslog tarball
>       >
>       > it states "Debug line with all properties:" all over the logfile...
>       > Please tell me how to run this thing...?
>       >
>       > ~maymann
>       >
>       >
>       >
>       > 2012/2/7 Rainer Gerhards <[email protected]>
>       >
>       >
>       >       I guess you mistook files: this was not a debug log but a logfile ;)
>       >
>       >       rainer
>       >
>       >
>       >       > -----Original Message-----
>       >       > From: Michael Maymann [mailto:[email protected]]
>       >
>       >       > Sent: Tuesday, February 07, 2012 10:22 AM
>       >       > To: Rainer Gerhards
>       >       > Cc: [email protected]; rsyslog-users
>       >       > Subject: Re: rsyslog tarball
>       >       >
>       >       > Just made a shorter run with same info inside... attached...
>       >       >
>       >       > ~maymann
>       >       >
>       >       >
>       >       > 2012/2/7 Rainer Gerhards <[email protected]>
>       >       >
>       >       >
>       >       >       > -----Original Message-----
>       >       >       > From: Michael Maymann [mailto:[email protected]]
>       >       >
>       >       >       > Sent: Tuesday, February 07, 2012 9:46 AM
>       >       >       > To: Rainer Gerhards
>       >       >       > Cc: [email protected]; rsyslog-users
>       >       >       > Subject: Re: rsyslog tarball
>       >       >       >
>       >       >       > Hi Rainer,
>       >       >       >
>       >       >       > it is 30Mb - please provide ftp-upload...
>       >       >
>       >       >       Zipped or plain? If not zipped, you can probably compress it by 90+%. Anyhow,
>       >       >       the FTP server is
>       >       >
>       >       >       ftp://custservice.adiscon.com/incoming
>       >       >
>       >       >       user anonymous, password whatever you like
>       >       >       Note that you can only upload, NOT read. Most importantly, you won't be able
>       >       >       to see the file when the upload is done.
>       >       >
>       >       >       If you can compress and mail the file, I can possibly faster access it, just
>       >       >       if that's an option.
>       >       >
>       >       >       Thanks!
>       >       >       Rainer
>       >       >
>       >       >
>       >       >       >
>       >       >       > br.
>       >       >       > ~maymann
>       >       >       >
>       >       >       >
>       >       >       > 2012/2/7 Rainer Gerhards <[email protected]>
>       >       >       >
>       >       >       >
>       >       >       >
>       >       >       >
>       >       >       >       > -----Original Message-----
>       >       >       >       > From: Michael Maymann [mailto:[email protected]]
>       >       >       >       > Sent: Tuesday, February 07, 2012 8:43 AM
>       >       >       >       > To: Rainer Gerhards; [email protected]
>       >       >       >       > Subject: Re: rsyslog tarball
>       >       >       >       >
>       >       >       >       > [root@oulog001 log]# /usr/sbin/rsyslogd -c 6 -d
>       >       >       >       >
>       >       >       >       > 9788.497831529:7f639a331700: rsyslogd 6.3.7-postexp1 startup, compatibility mode 6, module path '', cwd:/var/log
>       >       >       >       > 9788.497969104:7f639a331700: caller requested object 'net', not found
>       >       >       >
>       >       >       >       [snip]
>       >       >       >
>       >       >       >       Sorry, this debug info does not contain any of the instrumentation I need (no
>       >       >       >       case occurred) I guess you have cut that off. Please send me a complete file,
>       >       >       >       best as an attachment (working with saved mail messages is far less nice :)).
>       >       >       >
>       >       >       >       If the debug log is too large to mail, please let me know. I can provide an
>       >       >       >       anonymous upload-only ftp server in that case.
>       >       >       >
>       >       >       >       Thanks!
>       >       >       >       Rainer
>       >       >       >
>       >       >       >
>       >       >
>       >       >
>       >       >
>       >
>       >
>       >
> 
> 
> 

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
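
The distinction drawn in the reply above, between the transport peer (FROMHOST) and the HOSTNAME field of an RFC3164 or RFC5424 header, as an added example that is not part of the original thread and not rsyslog's own code. The function names, the sample datagrams and the reverse-DNS map are constructed for illustration.

```python
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text
RFC3164 = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME ...
RFC5424 = re.compile(r"^<\d{1,3}>\d{1,2} \S+ (\S+) ")


def header_hostname(raw):
    """HOSTNAME as written inside the message, or None without a usable header."""
    text = raw.decode("utf-8", errors="replace")
    for pattern in (RFC5424, RFC3164):
        m = pattern.match(text)
        if m and m.group(1) != "-":  # "-" is the RFC 5424 NILVALUE
            return m.group(1)
    return None


def classify(peer_ip, raw, reverse_dns=None):
    """Return both identities a receiver can record for one datagram.

    peer_ip     -- source address the socket reports (from the IP header)
    reverse_dns -- optional {ip: name} map standing in for a PTR lookup
    """
    fromhost = (reverse_dns or {}).get(peer_ip, peer_ip)
    return {"fromhost": fromhost, "hostname": header_hostname(raw)}


# Constructed sample input: (packet source address, payload).
SAMPLES = [
    ("192.0.2.10", b"<34>Feb 13 13:25:01 web01 su: session opened"),
    ("198.51.100.1", b"<165>1 2012-02-13T13:25:02Z db02 app 411 - - started"),
    ("192.0.2.77", b"<13>link down on port 3"),
]
REVERSE_DNS = {"192.0.2.10": "web01.example.net"}  # constructed PTR data

if __name__ == "__main__":
    for peer, payload in SAMPLES:
        print(peer, classify(peer, payload, REVERSE_DNS))
```

In the second sample the packet arrives from a gateway address, so fromhost names the gateway while hostname still names the originating client. The third sample carries no header, so only fromhost is available, and hostname is in every case whatever the sender chose to write.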
