[rsyslog] Separating logs by host?
Rainer Gerhards
rgerhards at hq.adiscon.com
Fri Dec 21 19:20:07 CET 2007
Just out of my head and from the pda while being out of office: try the -x option. Will check mail later again :)
----- Original Message -----
From: "Scott Baker" <bakers at web-ster.com>
To: "rsyslog-users" <rsyslog at lists.adiscon.com>
Sent: 21.12.07 19:13
Subject: Re: [rsyslog] Separating logs by host?
Rainer Gerhards wrote:
> Debug mode is the keyword here ;)
>
> Add -d -n to the command line and run it interactively with stdout
> redirected to a file. Maybe I've made a mistake with the directives,
> maybe we have another issue. Debug output can get quite large, please do
> not send it to the list (I think mailman will bounce it anyhow). You can
> email me privately (rgerhards at adiscon.com) if you like.
>
> Just be warned: it's 7p right now here and I can not promise to fix a
> larger problem before xmas ;)
You rock! Rsyslog Debug Mode = Good stuff! I was able to get it
working just fine with the BSD style selectors. The FROMHOST part is
still giving me grief though:
Filter: check for property 'FROMHOST' (value 'extirpate') isequal '1.2.3.4': FALSE
So my question is... for the BSD style selectors and FROM it appears
that rsyslog is using just the hostname and not the FULL reverse dns
name: extirpate vs extirpate.web-ster.com. Is that by design? I
don't think it will be a problem but I could see where you would
want to separate.
mail.domain1.com
vs
mail.domain2.com
Anyway, FROMHOST is using the name and not the IP address to match
against. Is there another property I should use? I don't see
anything in the docs... In reality I could match about the hostname
with a regexp since all my DSL is named the same...
Again IP would be ideal and easier...
--
Scott Baker - Canby Telcom
RHCE - System Administrator - 503.266.8253