Also, I can't seem to start rsyslog in debug mode

/sbin/rsyslogd -d -i /var/run/syslogd.pid -c 5

prints some text and then exits (forking to background). Isn't it unexpected or am I understanding it all wrong?

On 01/25/2013 12:24 PM, David Lang wrote:
did you also change your default template statement to use your new format?

It's also useful to write a log with the RSYSLOG_DebugFormat, it lists all the variables that are set so that you can pick which one you want to use.

also, are you sure that syslog-ng was using the hostname from the message, not doing a reverse DNS lookup to get the hostname? (that would be the %FROMHOST% variable in rsyslog)

David Lang

On Fri, 25 Jan 2013, shadyabhi wrote:

Hi David,

Thanks for your reply. I added,

# A template that resembles traditional syslogd file output:
$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"

to my already existing rsyslog.conf but it didn't help. Can you please be more specific about what the conf file should look like?


On 01/25/2013 12:27 AM, David Lang wrote:
you want to change your default template, the TraditionalFileFormat matches the old syslog RFC, which specifies that hostnames should be shortened.

David Lang

On Thu, 24 Jan 2013, shadyabhi wrote:

Date: Thu, 24 Jan 2013 18:10:48 +0530
From: shadyabhi <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] Preserve full FQDNs in logs while sending from rsyslog to
    syslog-ng

Hi,

I am trying to send logs from rsyslog to syslog-ng server via UDP. If the hostname for the box is foobar.server.com, I only get foobar in the logs. For ex, I get

Jan 24 12:31:08 foobar policyd: connection from: 127.0.0.1 port: 45594 slots: 0 of 4096 used
but what I expected was:
Jan 24 12:31:08 foobar.server.com policyd: connection from: 127.0.0.1 port: 45594 slots: 0 of 4096 used

My rsyslog.conf:

$ModLoad imuxsock
$ModLoad imklog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$PreserveFQDN on
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg                                                 *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
@syslog.server.com:514

And my syslog-ng.conf looks like: http://sprunge.us/OUOL

Also, I want to point out that sending logs from syslog to syslog-ng works perfectly.


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.



--
Cheers,
Abhijeet R
http://blog.abhijeetr.com
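
A receiver-side check for the symptom discussed in this thread, as an added example that is not part of the original posts: it classifies the hostname field of received lines as short, FQDN or IP, and lists short names that also appear as the first label of an FQDN seen in the same log. The function names and the malformed sample line are constructed for illustration; the two log lines are the ones quoted in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Traditional file-format line: "Mmm dd hh:mm:ss HOST TAG: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$"
)

def classify_host(host):
    """Return 'ip', 'fqdn' or 'short' for the hostname field of a log line."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    return "fqdn" if len(labels) > 1 and all(labels) else "short"

def audit(lines):
    """Group hostnames seen in received lines by kind; count unparsable lines."""
    seen = defaultdict(set)
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            unparsed += 1
            continue
        host = m.group("host")
        seen[classify_host(host)].add(host)
    return dict(seen), unparsed

def truncated(seen):
    """Short names equal to the first label of an FQDN also seen in the log."""
    firsts = {h.split(".")[0] for h in seen.get("fqdn", ())}
    return sorted(h for h in seen.get("short", ()) if h in firsts)

# The two lines quoted in the thread, plus one constructed malformed line.
SAMPLE = [
    "Jan 24 12:31:08 foobar policyd: connection from: 127.0.0.1 port: 45594 slots: 0 of 4096 used",
    "Jan 24 12:31:08 foobar.server.com policyd: connection from: 127.0.0.1 port: 45594 slots: 0 of 4096 used",
    "not a syslog line",
]

if __name__ == "__main__":
    seen, bad = audit(SAMPLE)
    print("short:", sorted(seen.get("short", ())), "fqdn:", sorted(seen.get("fqdn", ())))
    print("short names matching a known FQDN:", truncated(seen), "unparsed:", bad)
```

Run against the receiver's log file before and after a template change, a short name that stops appearing shows the change took effect for that sender.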
