On Fri, 5 Dec 2014, Douglas K. Rand wrote:
> I have an ImageStream router and it seems to have a fairly brain dead
> syslog on it: all of the messages it generates are missing both the
> hostname and the time. From an ngrep capture:
>
>     <13>root: testing.
>
> Is there an easy way to persuade rsyslogd v8 to add both of those for
> me? 99.99% of my UDP traffic is well formed, just a bit from this borked
> host.

rsyslog tries to do this by default, but if the heuristics don't work then the
approach that you can take is to do a manual fixup for any traffic from that IP.

The first thing to do is to see exactly what rsyslog does for this traffic:

    if $fromhost-ip == '1.1.1.1' then /var/log/testing;RSYSLOG_DebugFormat

Look at exactly what ends up in each variable.

Then you can create a custom format to use for that IP.

For example, if the "root" string ends up in the hostname field, you could do:

    $template fixup1,"<%pri%>%timestamp% %fromhost% %hostname%%msg%"
    if $fromhost-ip == '1.1.1.1' then {
        # whatever you do with the messages
        stop
    }

David Lang
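
The fixup discussed in this thread, as an added example in Python that is not part of the original posts and is not rsyslog's own parser: it applies the RFC 3164 relay rules to the captured message, filling in the receive time and the sender's address when they are missing. The function names are assumptions; 1.1.1.1 is the placeholder address used in the reply.

```python
import re
from datetime import datetime

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
PRI_RE = re.compile(r"^<(\d{1,3})>")
TS_RE = re.compile(r"^([A-Z][a-z]{2}) ([ \d]\d) (\d\d:\d\d:\d\d) ")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def decode_pri(pri: int) -> tuple:
    """Split a PRI value into (facility, severity)."""
    return pri >> 3, pri & 7

def normalize(datagram: bytes, sender_ip: str, received: datetime) -> str:
    """Return an RFC 3164 line, filling in a missing timestamp and hostname."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:      # 191 = facility 23, severity 7
        pri, rest = int(m.group(1)), text[m.end():]
    else:
        pri, rest = 13, text              # RFC 3164: no usable PRI -> user.notice
    ts = TS_RE.match(rest)
    if ts and ts.group(1) in MONTHS:
        stamp, rest = rest[:ts.end() - 1], rest[ts.end():]
        # With a timestamp present, the next token should be the hostname.
        host, sep, rest = rest.partition(" ")
        if not sep or host.endswith(":"):
            # Only a tag followed: put it back and use the sender address.
            host, rest = sender_ip, host + sep + rest
    else:
        # No timestamp: everything after PRI is content; stamp it with the
        # receive time and the address the datagram came from.
        stamp = (f"{MONTHS[received.month - 1]} {received.day:2d} "
                 f"{received:%H:%M:%S}")
        host = sender_ip
    return f"<{pri}>{stamp} {host} {rest}"

if __name__ == "__main__":
    # Constructed receive time; the payload is the ngrep capture from the thread.
    now = datetime(2014, 12, 5, 9, 30, 0)
    print(normalize(b"<13>root: testing.", "1.1.1.1", now))
```
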