how are you getting the logs into rsyslog? is your app sending them to localhost
port 514 UDP? writing them to /dev/log? something else?
David Lang
On Sat, 5 Oct 2013, Chris 'Chipper' Chiapusio wrote:
rsyslog is not inserting a hostname, the central log server (rsyslog V7) is
using the
first word as the hostname (and creating fun dynamic directories with them)
Chip
On Fri, Oct 04, 2013 at 04:52:24PM -0700, David Lang wrote:
When rsyslog sends it out, it will send it with a hostname in the message.
What arrives on the remote machine if you don't do anything, just send it?
David Lang
On Fri, 4 Oct 2013, Chris 'Chipper' Chiapusio wrote:
I have an application that can send syslog, however it does not include
the
hostname in the syslog message. I am sending the syslog to localhost
running
rsyslog 3.22.1 (RHEL5.x stock) and want to embed the hostname into the log
messages prior to forwarding them on to their final destination.
I'm just not clear on how to format the property replacer, or if there is
a
built-in variable I can use to stuff the hostname into the property
replacer.
debug log demonstrating the missing hostname data:
6698.153096000:imudp.c: Listening on UDP syslogd socket 4 (IPv4/port 514).
6698.153100000:imudp.c: --------imUDP calling select, active file
descriptors
(max 4): 4
6698.153160000:main queue:Reg/w0: main queue: entering rate limiter
6698.153178000:main queue:Reg/w0: main queue: entry deleted, state 0, size
now 0 entries
6698.153186000:main queue:Reg/w0: Called action, logging to builtin-fwd
6698.153193000:main queue:Reg/w0: action 9 queue: entry added, size now 1
entries
6698.153202000:main queue:Reg/w0: wtpAdviseMaxWorkers signals busy
6698.153209000:main queue:Reg/w0: action 9 queue: EnqueueMsg advised
worker
start
6698.153215000:main queue:Reg/w0: Called action, logging to builtin-file
6698.153228000:main queue:Reg/w0: (/var/log/local6)
6698.153240000:action 9 queue:Reg/w0: action 9 queue: entering rate
limiter
6698.153251000:main queue:Reg/w0: Called action, logging to
builtin-discard
6698.153265000:main queue:Reg/w0:
6698.153271000:main queue:Reg/w0: main queue: entering rate limiter
6698.153276000:main queue:Reg/w0: main queue:Reg/w0: worker IDLE, waiting
for
work.
6698.153300000:action 9 queue:Reg/w0: action 9 queue: entry deleted, state
0,
size now 0 entries
6698.153324000:action 9 queue:Reg/w0: mxloghost
6698.153330000:action 9 queue:Reg/w0: mxloghost:514/tcp
6698.153342000:action 9 queue:Reg/w0: TCP sent 78 bytes, requested 78
6698.153350000:action 9 queue:Reg/w0: action 9 queue: entering rate
limiter
6698.153356000:action 9 queue:Reg/w0: action 9 queue:Reg/w0: worker IDLE,
waiting for work.
6698.154521000:imudp.c: Message from inetd socket: #4, host:
localhost.localdomain
6698.154538000:imudp.c: logmsg: flags 0, from 'localhost.localdomain', msg
Oct 4 19:58:18 filter_instance1 debg s=1ey2g78qfq mod=session cmd=macros
data=j duration=0.000
6698.154543000:imudp.c: Message has legacy syslog format.
6698.154550000:imudp.c: main queue: entry added, size now 1 entries
6698.154564000:imudp.c: wtpAdviseMaxWorkers signals busy
6698.154570000:imudp.c: main queue: EnqueueMsg advised worker start
Thanks,
Chip
_______________________________________________
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
