when you have a question about what's set, log things with the template
RSYSLOG_DebugFormat
rsyslog looks for the hostname in the message per the RFC formats, but if it
cannot find one, it fills it in based on the source of the message (fromhost or
fromhost-ip)
I'd bet that if you look at the rawmsg that's output by the debug format, you
will see that it's not a proper syslog message.
David Lang
On Wed, 7 Oct 2020, Stephen via
rsyslog wrote:
Date: Wed, 7 Oct 2020 16:33:52 -0700
From: Stephen via rsyslog <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: [rsyslog] Where does HOSTNAME come from?
I am trying to get several Cisco swtches to log remotely to rsyslog. The
logging works fine but rsyslog insists the hostname is the source IP address.
I had the network guy set the device-id to the name of the switch but
rsyslogs still thinks HOSTNAME is the IP address.
The specific configuration is:
template (name="NwDevLog" type="string"
string="/var/log/network/%HOSTNAME%/messages.log")
if $syslogfacility-text == 'local5' then ?NwDevLog
if $syslogfacility-text == 'local5' then stop
I finally "fixed" it by adding the IP and host name to /etc/hosts on the
syslogger but that seem like a workaround.
Where does rsyslog get the hostname from?
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
