log the message with the template RSYSLOG_DebugFormat
I'd bet that the header for the messages does not have the IP address there, it
may be missing entirely, which has rsyslog using fromhost instead, and you may
have a /etc/hosts entry that maps that IP to localhost.
but we can't really figure out what's happening until we can see the rawmsg
that's triggering the behavior you are seeing.
David Lang
On Wed, 11 Nov 2020,
Psquare via rsyslog wrote:
Date: Wed, 11 Nov 2020 22:54:39 +0530
From: Psquare via rsyslog <[email protected]>
To: Rainer Gerhards <[email protected]>
Cc: Psquare <[email protected]>,
rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Rsyslog working
Thanks for the prompt response.
If the info is read from the header which always has an IP address , the
'hostname' property should always show the IP address, but in my case it is
showing 'localhost. Why is it happening?
Please also provide more info about other fields, how they get mapped to
value?
Thanks,
Prashant
On Wed, Nov 11, 2020 at 9:12 PM Rainer Gerhards <[email protected]>
wrote:
Hi,
this info is read from the header (RFC3164 or 5424 depending on format).
You may be more interested in fromhost-ip property (but that's the
last hop in a relay scenario).
HTH
Rainer
El mié., 11 nov. 2020 a las 16:38, Psquare via rsyslog
(<[email protected]>) escribió:
>
> Hi Everyone,
>
> I have few queries regarding rsyslog functioning. I am using rsyslog
> service to collect the logs. For separating the logs coming from
different
> sources, I am creating the files as per the source IP address, and using
> the 'hostname' property for the same. In some cases the "hostname"
> property is getting resolved to the 'IP address', but in other cases it
> shows as "local host".
> However, 'fromHost' value is getting resolved to the IP address.
>
> Would you please enlighten me why it is happening? How does the 'rsyslog'
> determine its value, is it by reading the header or payload of the
> message?. Kindly also help me to understand the exact and
> detailed difference of below 4 properties and which one should be used
> where?
>
> *hostname*
> *source*
> *fromhost*
> *fromhost-ip*
>
> I really appreciate your help!
>
> Thanks,
> Prashant
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
