I told my switch to send its logs to my centralized (r)syslog server. Now, its log entries look like
Oct 6 02:14:03 2013-10-06 02: 14:14 10.0.0.3 61565 The switch has learned a new MAC address bc:5f:f4:54:d7:8d, vid:10, interface:port 1. As opposite to Oct 5 18:54:45 monkey System SYSTEM:#011User [admin] failed to log in. which means I cannot get the *proper* %HOSTNAME% to be used with $template DailyPerHostLogs,"/var/log/syslog/%HOSTNAME%/messages_%$YEAR%-%$MONTH%-%$DAY%.log" i.e., it thinks 2013-10-06 is the hostname. Since I cannot edit the way the log is being spit out by the switch, is there any kind of postprocessing I can do at the syslog server side? _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
