On Fri, 23 Dec 2016, Swartz, Patrick wrote:
Remember when I said I was still a novice ... well... I think I understand my mistake...From the debug: FROMHOST: 'whqlrsyslog01.mycompany.com', fromhost-ip:'10.20.12.52', HOSTNAME: 'sftplprod01', PRI: 38, The server "whqlrsyslog01" is the rsyslog box that is forwarding, whereas "sftplprod01" is the original source. So, guess my question is more... is there a way I can setup the "FROMHOST" to use the "HOSTNAME" dynamically on the forward?
FROMHOST and HOSTNAME have meaning on the local system, when you send a message, you send a string that can be formatted any way you want it to. But if you send messages through a relay, the thing receiving the message from the relay will see the fromhost/fromhost-ip as being the relay (as it should be, because that's where the network packets were sent from)
omudpspoof was created to deal with badly written proprietary software that doesn't know how to deal with messages sent through a relay. It is slow and is abusing the network to function, but can sometimes be the right thing to do.
If you need it, the documentation page shows how to use it. http://www.rsyslog.com/doc/v8-stable/configuration/modules/omudpspoof.html It's still not clear what you are trying to do. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
