On Fri, Jan 25, 2013 at 12:24 PM, David Lang <[email protected]> wrote: > did you also change your default template statement to use your new format? > > It's also useful to write a log with the RSYSLOG_DebugFormat, it lists all > the variables that are set so that you can pick which one you want to use. >
I am checking that thing out now. > > also, are you sure that syslog-ng was using the hostname from the message, > not doing a reverse DNS lookup to get the hostname? (that would be the > %FROMHOST% variable in rsyslog) > I am not sure how come a variable from rsyslog effect the reverse DNS lookup at the central syslog server. Can you please explain that? (I'm new to syslog and stuff so sorry if this is blunt obvious). > > David Lang > > > On Fri, 25 Jan 2013, shadyabhi wrote: > > Hi David, >> >> Thanks for you reply. I added, >> >> # A template that resambles traditional syslogd file output: >> $template TraditionalFormat,"%**timegenerated% %HOSTNAME% >> %syslogtag%%msg:::drop-last-**lf%\n" >> >> to my already existing rsyslog.conf but it didn't help. Can you please be >> more specific about how the conf file should look like? >> >> >> On 01/25/2013 12:27 AM, David Lang wrote: >> >>> you want to change your default template, the TraditionalFileFormat >>> matches the old syslog RFC, which specifies that hostnames should be >>> shortened. >>> >>> David Lang >>> >>> On Thu, 24 Jan 2013, shadyabhi wrote: >>> >>> Date: Thu, 24 Jan 2013 18:10:48 +0530 >>>> From: shadyabhi <[email protected]> >>>> Reply-To: rsyslog-users <[email protected]> >>>> To: [email protected] >>>> Subject: [rsyslog] Preserve full FQDNs in logs while sending from >>>> rsyslog to >>>> syslog-ng >>>> >>>> Hi, >>>> >>>> I am trying to send logs from rsyslog to syslog-ng server via UDP. If >>>> the hostname for the box is foobar.server.com, I only get foobar in >>>> the logs. For ex, I get >>>> >>>> Jan 24 12:31:08 foobar policyd: connection from: 127.0.0.1 port: 45594 >>>> slots: 0 of 4096 used >>>> but what I expected was: >>>> Jan 24 12:31:08 foobar.server.com policyd: connection from: 127.0.0.1 >>>> port: 45594 slots: 0 of 4096 used >>>> >>>> My rsyslog.conf: >>>> >>>> $ModLoad imuxsock >>>> $ModLoad imklog >>>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat >>>> $IncludeConfig /etc/rsyslog.d/*.conf >>>> $PreserveFQDN on >>>> *.info;mail.none;authpriv.**none;cron.none /var/log/messages >>>> authpriv.* /var/log/secure >>>> mail.* -/var/log/maillog >>>> cron.* /var/log/cron >>>> *.emerg * >>>> uucp,news.crit /var/log/spooler >>>> local7.* /var/log/boot.log >>>> @syslog.server.com:514 >>>> >>>> And my syslog-ng.conf looks like: http://sprunge.us/OUOL >>>> >>>> Also, I want to point out that sending logs from syslog to syslog-ng >>>> works perfectly. >>>> >>>> >>>> ______________________________**_________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> DON'T LIKE THAT. >>> >> >> >> ______________________________**_________________ > rsyslog mailing list > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> > http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > -- Regards, Abhijeet Rastogi (shadyabhi) https://plus.google.com/107316377741966576356/ _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
