Linux has a rather sophisticated mechanism for plugging in arbitrary ways of
doing name resolution. DNS has 'won' but historically there have been many other
options. Research nsswitch (/etc/nsswitch.conf) and see if there is something
that you can leverage.
Or, if you can set the hostname of the resources as they are created to be some
predictable pattern rather than the AWS default of IP based, you can then make
your logic use that. (This is the approach I would look into). What mechanism
this will be will depend on how you are configuring/provisioning the systems.
David Lang
On Tue, 16 Nov 2021, Scott Slattery wrote:
Date: Tue, 16 Nov 2021 15:14:51 -0700
From: Scott Slattery <[email protected]>
To: David Lang <[email protected]>
Cc: Scott Slattery via rsyslog <[email protected]>
Subject: Re: [rsyslog] FROMHOST missing on central log collector
Thanks, David, I was hoping this was possible. Since the compute resources
are dynamic, using any sort of local /etc/hosts would be impossible since
the IPs are unpredictable. Can you point me to how I would do this on the
client-server?
Thanks
*Scott Slattery*
*Sr. Enterprise/Cloud Architect*
*Cloud, Compute, Information & Architecture Team*
motorolasolutions.com
*O: 602.529.8226*
*E*: [email protected]
On Tue, Nov 16, 2021 at 2:59 PM David Lang <[email protected]> wrote:
fromhost is the result of a name lookup of fromhost-ip. On the receiver, you can
control this with your name resolution (DNS, /etc/hosts, other mechanisms)
but a better option would probably be to set the hostname on the sender. The
hostname field in the message is under the full control of the sender.
David Lang
On Tue, 16 Nov 2021, Scott Slattery via rsyslog wrote:
Date: Tue, 16 Nov 2021 14:56:09 -0700
From: Scott Slattery via rsyslog <[email protected]>
To: rsyslog-users <[email protected]>
Cc: Scott Slattery <[email protected]>
Subject: [rsyslog] FROMHOST missing on central log collector
Hello,
I have a central log server, many of them, using rsyslog to aggregate logs
from remote servers. Everything works great but I have a new challenge and
am hoping for some recommendations.
I have a number of AWS auto-scaling groups where compute resources are
dynamically scaled up and down. Each of these will have a custom rsyslog
configuration pulled from the AWS AMI.
These dynamic resources are not added to DNS due to their dynamic nature so
they will not have DNS assigned FQDNs.
Because of the lack of a hostname, my central log server is getting only
IP. I aggregate based on FROMHOST-FROMHOST-IP.
So what I'm seeing today looks like '10.38.134.77-10.38.134.77' where I
want to see ause1oagbtst03.mydomain.com-10.41.102.168
What I'd want to do is have each resource send using the same hostname and
current IP. This later will allow me to aggregate all resources by name.
I did not see any way of affecting the FROMHOST information unless, on the
collector, I have rules based on IP address which isn't optimal given the
dynamic nature of the IPs changing.
Any suggestion is appreciated.
*Scott Slattery*
*Sr. Enterprise/Cloud Architect*
*Cloud, Compute, Information & Architecture Team*
motorolasolutions.com
*O: 602.529.8226*
*E*: [email protected]
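
The sender-side approach suggested in the replies above, written out as an added rsyslog configuration sketch; it is not from any poster in this thread. The collector name `logs.example.internal`, port 514 and the file paths are assumptions, and the hostname is the example value from the original question. Because the hostname field is set by the sender, the collector pairs it with the network-observed `fromhost-ip` and sanitizes it before using it in a file path.

```rsyslog
# ---- Sender: /etc/rsyslog.d/10-forward.conf (constructed example) ----
# Override the name this instance writes into the HOSTNAME field of every
# message it emits. Set the same value on every instance of the group,
# e.g. at provisioning time.
global(localHostname="ause1oagbtst03.mydomain.com")

# Forward everything to the central collector (assumed name and port).
action(type="omfwd"
       target="logs.example.internal"
       port="514"
       protocol="tcp")

# ---- Collector: /etc/rsyslog.d/20-remote.conf (constructed example) ----
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# Build the aggregation key from the message's HOSTNAME field (what the
# sender claims) and fromhost-ip (what the collector saw on the wire),
# instead of fromhost, which needs a reverse lookup that fails here.
# secpath-replace rewrites "/" in the sender-supplied value so it cannot
# change the directory the file is written to.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%hostname:::secpath-replace%-%fromhost-ip%/messages.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostFile")
}
```

With this in place a message from the instance at 10.41.102.168 lands under `/var/log/remote/ause1oagbtst03.mydomain.com-10.41.102.168/`, while the IP part of the key still reflects the actual source address regardless of the name the sender claims.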