On Mon, 18 Jan 2016, Viktor Jakobsson wrote:
Hi!
I'll copy/paste the question I posted on #rsyslog @freenode.
--------------------------
Hi.
I have some trouble figuring out how to manipulate the HOSTNAME-property. I have a rsyslog server
setup on a CentOS 7 machine, which is going to collect data from both Linux machines aswell as
switches (H3C). However, the switches sends the syslog message in the following format: "%Jun
13 17:40:09:347 2000 $hostname" and the Linux machines is sending it like this: "Jan 14
15:01:01 $hostname"
This makes rsyslog to match on "2000" in the messages from the switches, which
is not the hostname. So, is it possible to change the hostname-statement for a couple of
machines, or is it globally in the configuration? Or is it any simpler way to make this
more dynamic?
This Linux system is sending valid syslog messages, the switch is not RFC
compliant.
There is a pmciscoios parser module that fixes some, if not all of the cisco
strangeness, you would need to set it up.
take a look at the docs, and if you can't figure it out, ask again and I'll dig
up a real-life example.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
