that would work if the date is anywhere close to right
see http://support.microsoft.com/kb/244412 and
http://support.microsoft.com/kb/909264 for an explanation of why all
numeric hostnames are not allowed (basically due to DNS limitations, which
apply to all systems)
Many applications (including browsers) will treat an all-numeric value as
an IP address (as a 32 bit integer, not as a dotted decimal address) and
as a result, trying to use an all-numeric hostname will cause 'strange
things' to happen to your software. So even if it is possible, it's not
going to work in many cases and so is a _really_ bad idea.
David Lang
On Fri, 13 Apr 2012, Rainer Gerhards wrote:
Not sure about the letter, but a 4 digit number in the range of 2000-2050
should work well. Shouldn't it?
Rainer
"[email protected]" <[email protected]> wrote:
log some of the offending
messages using the format RSYSLOG_Debug so that
we can see the raw message and how it's parsed.
As Rainer says, it's probably generating a message that doesn't quite
comply with the syslog specs (for example, the syslog spec doesn't include
a year in the timestamp)
Once we see what's going on, we can look at fixing it.
Rainer, I believe that hostnames are required to have a letter in them
somewhere, so it may be worth tweaking the parser so that if the hostname
field has no letters in it and is a 4 digit number, treat it as the year
part of the timestamp.
David Lang
On Fri, 13 Apr 2012, Luke Marrott wrote:
Date: Fri, 13 Apr 2012 09:13:48 -0600
From: Luke Marrott <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] Incorrect hostname from %hostname%
I am using a combination of rsyslogd and Splunk for syslog in order to
please different requirements within my organization and have run into a
problem.
The hostnames of some devices are not being recorded correctly.
I've tried both of the following:
#$template default,"/var/log/syslog/%HOSTNAME%/%HOSTNAME%.log"
#*.* ?Default
$template DynaFile,"/var/log/syslog/%HOSTNAME%/%HOSTNAME%.log"
*.* -?DynaFile
And either way I end up with a directory and file named either "Apr" or
"2012" on a few devices.
If I do a tcpdump I can verify that the source information is coming into
the machine.
Then I tried to do a forward to forward the logs to localhost:10514 just so
I could test if Splunk would get the hostname from a forwarded message.
No luck. However if I turn rsyslogd off and turn Splunk to listen directly
to port 514 it works fine.
So somehow rsyslogd is not getting the hostname correctly.
I am running a bit older version:
rsyslogd 4.6.2, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
FEATURE_NETZIP (message compression): Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
Thoughts?
Thanks!
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
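
The heuristic suggested in the thread (a hostname field with no letters that is a 4 digit number in the range 2000-2050 is treated as the year part of the timestamp), as an added example that is not rsyslog's parser and not code from any of the posters. The header regex, the function names and the sample messages are constructed for illustration, and it assumes the device places the year directly after the time.

```python
import re

# Simplified RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME rest-of-message
HEADER = re.compile(
    r"^<(?P<pri>[0-9]{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ 0-9][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2}) "
    r"(?P<rest>.*)$"
)

def looks_like_year(token, lo=2000, hi=2050):
    """No letters, exactly four digits, inside the plausible-year range."""
    return re.fullmatch(r"[0-9]{4}", token) is not None and lo <= int(token) <= hi

def parse(raw, year_heuristic=True):
    """Return (timestamp, year, hostname, message); year is None if absent."""
    m = HEADER.match(raw)
    if m is None:
        raise ValueError("no RFC 3164 style header found")
    host, _, msg = m.group("rest").partition(" ")
    year = None
    if year_heuristic and msg and looks_like_year(host):
        # The token sitting in the hostname slot is the year: shift one field.
        year = int(host)
        host, _, msg = msg.partition(" ")
    return m.group("ts"), year, host, msg

def dynafile_path(hostname):
    """Path produced by the DynaFile template quoted in the original post."""
    return "/var/log/syslog/%s/%s.log" % (hostname, hostname)

# Constructed sample messages (not captured from the devices in the thread).
SAMPLES = [
    "<134>Apr 13 09:13:48 fw01 kernel: link up",       # spec-compliant
    "<134>Apr 13 09:13:48 2012 fw01 kernel: link up",  # year after the time
    "<134>Apr 13 09:13:48 9999 app: started",          # numeric, not a year
]

if __name__ == "__main__":
    for raw in SAMPLES:
        for enabled in (False, True):
            ts, year, host, msg = parse(raw, year_heuristic=enabled)
            print(enabled, year, dynafile_path(host), "|", msg)
```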