> -----Original Message-----
> From: Michael Maymann [mailto:[email protected]]
> Sent: Tuesday, February 14, 2012 10:10 AM
> To: Rainer Gerhards
> Cc: rsyslog-users
> Subject: Re: rsyslog tarball
> 
> Hi,
> 
> David: thanks.
> Rainer: I will try to install a new rsyslog server with the latest
> package you sent me. Point my troublesome host to that server and send
> you the debug log from there...

Thx, that would be great. We have a great opportunity here to finally iron
out the cache code :)

Rainer
> 
> Br.
> ~maymann
> 
> 
> 2012/2/14 Rainer Gerhards <[email protected]>
> 
> 
>       > I am not behind NAT..., and some hosts (also RHEL5) from the same VLAN
>       > are logging their hostname just fine...
>       > If this is taken from the IP header, all syslog messages (whether it be
>       > legacy or rsyslog) will report its actual IP in a non-NAT'ed
>       > environment. So this situation wouldn't be possible either if it is
>       > legacy syslog or rsyslog - am I right ?
>       >
>       > Rainer: Are you able to see, from the last debug output I sent you,
>       > what is happening (think I also sent you the hostname/ip of "the
>       > problem host" directly) ?
> 
> 
>       I think I didn't get a debug log that shows this problem. At least I have
>       none in my mail archive.
>
>       In any case, in order to track this down quickly, I need a debug log where
>       the vast majority of traffic is from a system that doesn't appear to be
>       right. So that I can see which receive is from that system and how it is
>       processed. It is much harder to try to analyze this if there are several
>       hosts and I don't know what to look at. Note that I am off to the Fedora
>       Developer Conference tomorrow and busy there for the rest of the week.
> 
>       Rainer
> 
>       >
>       >
>       > Br.
>       > ~maymann
>       >
>       >
>       > 2012/2/13 Rainer Gerhards <[email protected]>
>       >
>       >
>       >
>       >       > -----Original Message-----
>       >       > From: Michael Maymann [mailto:[email protected]]
>       >
>       >       > Sent: Monday, February 13, 2012 1:25 PM
>       >       > To: Rainer Gerhards
>       >       > Cc: rsyslog-users
>       >       > Subject: Re: rsyslog tarball
>       >       >
>       >
>       >       > Hi,
>       >       >
>       >       > Rainer: thanks - the fix you sent me seems to work...:-) at least on
>       >       > hosts sending its IP... - unfortunately not all legacy syslog clients
>       >       > do..:-( !
>       >       >
>       >       > I tried to restart syslog again on the host that caused "???" before,
>       >       > but I am still unable to find either IP or hostname in the log...
>       >       >
>       >       >
>       >       > is FROMHOST based on:
>       >       > 1. dns-lookup of the IP inside the transmitted IP-packet ?
>       >       >
>       >       > or
>       >       > 2. dns-lookup of what it states as its IP/hostname inside syslog-message ?
>       >       >
>       >
>       >
>       >       Neither. It's just the remote peer (taken from the IP header). It's not taken
>       >       from a syslog header field. If you use DNS reverse resolution, it's the name,
>       >       else the IP address.
>       >
>       >
>       >       >
>       >       > I would prefer 1., as this would always be right - except if you're in a
>       >       > NAT'ed environment...
>       >       > Preferably NAT could be auto-detected (could it be: if traffic is
>       >       > coming from syslog-server LAN or syslog-server default-GW then the
>       >       > client is not NAT'ed ?) or alternatively IPPacketIP/IPPacketFromHost
>       >       > (nslookup of IPPacketIP) variables could be added and used if it fits
>       >       > one's environment... ?
>       >
>       >
>       >       The best route is to make sure all syslogds emit proper RFC3164 or RFC5424
>       >       format and simply use HOSTNAME. (you may also look at [1] for NAT and
>       >       non-rsyslog).
>       >
>       >       Rainer
>       >       [1] http://www.rsyslog.com/article19/
>       >
>       >       >
>       >       >
>       >       > Br.
>       >       > ~maymann
>       >       >
>       >       >
>       >       > 2012/2/7 Rainer Gerhards <[email protected]>
>       >       >
>       >       >
>       >       >       That's a regular log file [in RSYSLOG_DebugForm], showing the log messages as
>       >       >       you received them. That's not a debug log that shows rsyslog processing. To
>       >       >       create the latter, do the same procedure that you used to create the content
>       >       >       of your mail I received at 8:43am today. *That* was a debug log. Look at the
>       >       >       content of both of your mails and you will immediately notice the difference.
>       >       >
>       >       >       Please also keep the mailing list CCed...
>       >       >
>       >       >
>       >       >       Rainer
>       >       >
>       >       >       > -----Original Message-----
>       >       >       > From: Michael Maymann [mailto:[email protected]]
>       >       >
>       >       >       > Sent: Tuesday, February 07, 2012 10:28 AM
>       >       >       > To: Rainer Gerhards
>       >       >       > Subject: Re: rsyslog tarball
>       >       >       >
>       >       >       > it states "Debug line with all properties:" all over the logfile...
>       >       >       > Please tell me how to run this thing...?
>       >       >       >
>       >       >       > ~maymann
>       >       >       >
>       >       >       >
>       >       >       >
>       >       >       > 2012/2/7 Rainer Gerhards <[email protected]>
>       >       >       >
>       >       >       >
>       >       >       >       I guess you mistook files: this was not a debug log but a logfile ;)
>       >       >       >
>       >       >       >       rainer
>       >       >       >
>       >       >       >
>       >       >       >       > -----Original Message-----
>       >       >       >       > From: Michael Maymann [mailto:[email protected]]
>       >       >       >
>       >       >       >       > Sent: Tuesday, February 07, 2012 10:22 AM
>       >       >       >       > To: Rainer Gerhards
>       >       >       >       > Cc: [email protected]; rsyslog-users
>       >       >       >       > Subject: Re: rsyslog tarball
>       >       >       >       >
>       >       >       >       > Just made a shorter run with same info inside... attached...
>       >       >       >       >
>       >       >       >       > ~maymann
>       >       >       >       >
>       >       >       >       >
>       >       >       >       > 2012/2/7 Rainer Gerhards <[email protected]>
>       >       >       >       >
>       >       >       >       >
>       >       >       >       >       > -----Original Message-----
>       >       >       >       >       > From: Michael Maymann [mailto:[email protected]]
>       >       >       >       >
>       >       >       >       >       > Sent: Tuesday, February 07, 2012 9:46 AM
>       >       >       >       >       > To: Rainer Gerhards
>       >       >       >       >       > Cc: [email protected]; rsyslog-users
>       >       >       >       >       > Subject: Re: rsyslog tarball
>       >       >       >       >       >
>       >       >       >       >       > Hi Rainer,
>       >       >       >       >       >
>       >       >       >       >       > it is 30Mb - please provide ftp-upload...
>       >       >       >       >
>       >       >       >       >       Zipped or plain? If not zipped, you can probably compress it by 90+%. Anyhow,
>       >       >       >       >       the FTP server is
>       >       >       >       >
>       >       >       >       >       ftp://custservice.adiscon.com/incoming
>       >       >       >       >
>       >       >       >       >       user anonymous, password whatever you like
>       >       >       >       >       Note that you can only upload, NOT read. Most importantly, you won't be able
>       >       >       >       >       to see the file when the upload is done.
>       >       >       >       >
>       >       >       >       >       If you can compress and mail the file, I can possibly faster access it, just
>       >       >       >       >       if that's an option.
>       >       >       >       >
>       >       >       >       >       Thanks!
>       >       >       >       >       Rainer
>       >       >       >       >
>       >       >       >       >
>       >       >       >       >       >
>       >       >       >       >       > br.
>       >       >       >       >       > ~maymann
>       >       >       >       >       >
>       >       >       >       >       >
>       >       >       >       >       > 2012/2/7 Rainer Gerhards <[email protected]>
>       >       >       >       >       >
>       >       >       >       >       >
>       >       >       >       >       >       > -----Original Message-----
>       >       >       >       >       >       > From: Michael Maymann [mailto:[email protected]]
>       >       >       >       >       >       > Sent: Tuesday, February 07, 2012 8:43 AM
>       >       >       >       >       >       > To: Rainer Gerhards; [email protected]
>       >       >       >       >       >       > Subject: Re: rsyslog tarball
>       >       >       >       >       >       >
>       >       >       >       >       >       > [root@oulog001 log]# /usr/sbin/rsyslogd -c 6 -d
>       >       >       >       >       >       >
>       >       >       >       >       >       > 9788.497831529:7f639a331700: rsyslogd 6.3.7-postexp1 startup, compatibility mode 6, module path '', cwd:/var/log
>       >       >       >       >       >       > 9788.497969104:7f639a331700: caller requested object 'net', not found
>       >       >       >       >       >
>       >       >       >       >       >       [snip]
>       >       >       >       >       >
>       >       >       >       >       >       Sorry, this debug info does not contain any of the instrumentation I need (no
>       >       >       >       >       >       case occurred) I guess you have cut that off. Please send me a complete file,
>       >       >       >       >       >       best as an attachment (working with saved mail messages is far less nice :)).
>       >       >       >       >       >
>       >       >       >       >       >       If the debug log is too large to mail, please let me know. I can provide an
>       >       >       >       >       >       anonymous upload-only ftp server in that case.
>       >       >       >       >       >
>       >       >       >       >       >       Thanks!
>       >       >       >       >       >       Rainer
>       >       >       >       >       >
>       >       >       >       >       >
>       >       >       >       >
>       >       >       >       >
>       >       >       >       >
>       >       >       >
>       >       >       >
>       >       >       >
>       >       >
>       >       >
>       >       >
>       >
>       >
>       >
> 
> 
> 

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
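
The distinction drawn in the quoted thread (FROMHOST is the remote peer taken from the IP header, HOSTNAME is what the sender writes into the RFC3164 header), shown as an added example that is not part of the original mail and is not rsyslog's code. The function names, the PTR table standing in for reverse DNS, the sample messages and addresses, and the fallback used when no header is present are all assumptions of this sketch.

```python
import re

# RFC 3164 shape: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text
RFC3164 = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>[^\s:\[\]]+) \S"
)

def split_sources(peer_ip, datagram, reverse_dns=None):
    """Return the transport-level and the header-level identity of one message.

    peer_ip     -- source address of the packet (what recvfrom() reports)
    reverse_dns -- constructed PTR table standing in for a real resolver
    """
    m = RFC3164.match(datagram.decode("utf-8", "replace"))
    peer = (reverse_dns or {}).get(peer_ip, peer_ip)  # name if resolvable, else IP
    return {
        "fromhost": peer,
        "fromhost_ip": peer_ip,
        # Assumption of this example: with no parsable header, fall back to the peer.
        "hostname": m.group("host") if m else peer,
        "header_ok": bool(m),
    }

def relation(rec):
    """Compare the name claimed in the header with the peer that sent the packet."""
    if not rec["header_ok"]:
        return "no-header"          # legacy sender: only the peer identifies it
    claimed = rec["hostname"].lower()
    if claimed == rec["fromhost_ip"]:
        return "match"
    if rec["fromhost"] == rec["fromhost_ip"]:
        return "unverifiable"       # no reverse name to compare against
    same = claimed.split(".")[0] == rec["fromhost"].lower().split(".")[0]
    return "match" if same else "differs"   # differs: relay, NAT, or a false claim

# Constructed sample traffic (RFC 5737 documentation addresses).
PTR = {"192.0.2.10": "web01.example.net", "192.0.2.1": "relay.example.net"}
SAMPLES = [
    ("192.0.2.10", b"<34>Feb 14 10:10:00 web01 sshd[411]: session opened"),
    ("192.0.2.20", b"<13>su: session opened for user root"),
    ("192.0.2.1",  b"<34>Feb  7 08:43:00 db07 cron[88]: job started"),
]

if __name__ == "__main__":
    for ip, raw in SAMPLES:
        rec = split_sources(ip, raw, PTR)
        print(rec["fromhost"], rec["hostname"], relation(rec))
```

A "differs" result is what a relayed or NAT'ed sender looks like from the receiver, and it is also what a sender claiming another machine's name looks like, so it is worth logging both values side by side.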
