you can use %$myhostname% to embed the hostname of the local system in a
template.
you are headed in the right direction, take a look at
http://www.rsyslog.com/doc/property_replacer.html for the list of variables that
are defined.
David Lang
On Tue, 8 Oct 2013, Chris 'Chipper' Chiapusio wrote:
The application is delivering the logs to localhost on port 514/udp.
I've figured out how to get the logs right on the receiving rsyslog server,
but I do need to send to one other destination that I do not have control of
and would like to send them a properly formated log.
Is it possible to utilize system shell environment variables or shell execs
to acquire the local hostname (hostname -s) for use in a %HOSTNAME:::%
substitution?
Chip
On Tue, Oct 08, 2013 at 08:45:25AM -0700, David Lang wrote:
how are you getting the logs into rsyslog? is your app sending them to
localhost port 514 UDP? writing them to /dev/log? something else?
David Lang
On Sat, 5 Oct 2013, Chris 'Chipper' Chiapusio wrote:
rsyslog is not inserting a hostname, the central log server (rsyslog V7)
is using the
first word as the hostname (and creating fun dynamic directories with
them)
Chip
On Fri, Oct 04, 2013 at 04:52:24PM -0700, David Lang wrote:
When rsyslog sends it out, it will send it with a hostname in the
message. What arrives on the remote machine if you don't do anything,
just send it?
David Lang
On Fri, 4 Oct 2013, Chris 'Chipper' Chiapusio wrote:
I have an application that can send syslog, however it does not include
the
hostname in the syslog message. I am sending the syslog to localhost
running
rsyslog 3.22.1 (RHEL5.x stock) and want to embed the hostname into the
log
messages prior to forwarding them on to their final destination.
I'm just not clear on how to format the property replacer, or if there
is a
built-in variable I can use to stuff the hostname into the property
replacer.
debug log demonstrating the missing hostname data:
6698.153096000:imudp.c: Listening on UDP syslogd socket 4 (IPv4/port
514).
6698.153100000:imudp.c: --------imUDP calling select, active file
descriptors
(max 4): 4
6698.153160000:main queue:Reg/w0: main queue: entering rate limiter
6698.153178000:main queue:Reg/w0: main queue: entry deleted, state 0,
size
now 0 entries
6698.153186000:main queue:Reg/w0: Called action, logging to builtin-fwd
6698.153193000:main queue:Reg/w0: action 9 queue: entry added, size now
1
entries
6698.153202000:main queue:Reg/w0: wtpAdviseMaxWorkers signals busy
6698.153209000:main queue:Reg/w0: action 9 queue: EnqueueMsg advised
worker
start
6698.153215000:main queue:Reg/w0: Called action, logging to builtin-file
6698.153228000:main queue:Reg/w0: (/var/log/local6)
6698.153240000:action 9 queue:Reg/w0: action 9 queue: entering rate
limiter
6698.153251000:main queue:Reg/w0: Called action, logging to
builtin-discard
6698.153265000:main queue:Reg/w0:
6698.153271000:main queue:Reg/w0: main queue: entering rate limiter
6698.153276000:main queue:Reg/w0: main queue:Reg/w0: worker IDLE,
waiting for
work.
6698.153300000:action 9 queue:Reg/w0: action 9 queue: entry deleted,
state 0,
size now 0 entries
6698.153324000:action 9 queue:Reg/w0: mxloghost
6698.153330000:action 9 queue:Reg/w0: mxloghost:514/tcp
6698.153342000:action 9 queue:Reg/w0: TCP sent 78 bytes, requested 78
6698.153350000:action 9 queue:Reg/w0: action 9 queue: entering rate
limiter
6698.153356000:action 9 queue:Reg/w0: action 9 queue:Reg/w0: worker
IDLE,
waiting for work.
6698.154521000:imudp.c: Message from inetd socket: #4, host:
localhost.localdomain
6698.154538000:imudp.c: logmsg: flags 0, from 'localhost.localdomain',
msg
Oct 4 19:58:18 filter_instance1 debg s=1ey2g78qfq mod=session
cmd=macros
data=j duration=0.000
6698.154543000:imudp.c: Message has legacy syslog format.
6698.154550000:imudp.c: main queue: entry added, size now 1 entries
6698.154564000:imudp.c: wtpAdviseMaxWorkers signals busy
6698.154570000:imudp.c: main queue: EnqueueMsg advised worker start
Thanks,
Chip
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
