Hi David,
Turns out, it was a BUG!
It's the same as this guy here
http://kb.monitorware.com/viewtopic.php?f=36&t=11868&sid=59a959078d248e24a716d856dc5c9c0a
suffered.
Turns out, $PreserveFQDN has to be the first line in rsyslog.conf.
On 01/25/2013 01:25 PM, David Lang wrote:
On Fri, 25 Jan 2013, Abhijeet Rastogi wrote:
also, are you sure that syslog-ng was using the hostname from the
message,
not doing a reverse DNS lookup to get the hostname? (that would be the
%FROMHOST% variable in rsyslog)
I am not sure how come a variable from rsyslog effect the reverse DNS
lookup at the central syslog server. Can you please explain that?
(I'm new
to syslog and stuff so sorry if this is blunt obvious).
I'm saying that syslog-ng may be logging the reverse DNS of the
machine connecting to it rather than the hostname that was in the log
message.
David Lang
David Lang
On Fri, 25 Jan 2013, shadyabhi wrote:
Hi David,
Thanks for you reply. I added,
# A template that resambles traditional syslogd file output:
$template TraditionalFormat,"%**timegenerated% %HOSTNAME%
%syslogtag%%msg:::drop-last-**lf%\n"
to my already existing rsyslog.conf but it didn't help. Can you
please be
more specific about how the conf file should look like?
On 01/25/2013 12:27 AM, David Lang wrote:
you want to change your default template, the TraditionalFileFormat
matches the old syslog RFC, which specifies that hostnames should be
shortened.
David Lang
On Thu, 24 Jan 2013, shadyabhi wrote:
Date: Thu, 24 Jan 2013 18:10:48 +0530
From: shadyabhi <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] Preserve full FQDNs in logs while sending from
rsyslog to
syslog-ng
Hi,
I am trying to send logs from rsyslog to syslog-ng server via
UDP. If
the hostname for the box is foobar.server.com, I only get foobar in
the logs. For ex, I get
Jan 24 12:31:08 foobar policyd: connection from: 127.0.0.1 port:
45594
slots: 0 of 4096 used
but what I expected was:
Jan 24 12:31:08 foobar.server.com policyd: connection from:
127.0.0.1
port: 45594 slots: 0 of 4096 used
My rsyslog.conf:
$ModLoad imuxsock
$ModLoad imklog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$PreserveFQDN on
*.info;mail.none;authpriv.**none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
@syslog.server.com:514
And my syslog-ng.conf looks like: http://sprunge.us/OUOL
Also, I want to point out that sending logs from syslog to syslog-ng
works perfectly.
______________________________**_________________
rsyslog mailing list
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
you
DON'T LIKE THAT.
______________________________**_________________
rsyslog mailing list
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
--
Cheers,
Abhijeet R
http://blog.abhijeetr.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
