[rsyslog] logging hostnames
Joe Williams
joe at joetify.com
Wed Jul 7 19:42:37 CEST 2010
David,
Thanks, I think you're right:
<14>Jul 2 21:25:38 HOSTNAME log message
vs
<149>customer:[<0.20341.5496>] IPADDR log message
The latter is the message that our server is sending.
-Joe
On Jul 7, 2010, at 10:27 AM, david at lang.hm wrote:
> On Wed, 7 Jul 2010, Joe Williams wrote:
>
>> I have a couple services (haproxy and homegrown erlang stuff) that log
>> directly to my rsyslog server. With these services I found that they log
>> the reverse DNS rather than the hostname but with the logs that come
>> from actual rsyslog clients they show up as one would expect with the
>> real hostname, like what is returned from the "hostname" command. I've
>> tried a few different things with "-x" and fromhost vs hostname and
>> can't seem to get anything other than either an IP or a rDNS. Any
>> suggestions? Do I need to include more information in the messages I
>> send to rsyslog or perhaps adjust a config?
>
> probably what is happening is that your server is not sending a properly
> formatted syslog message to rsyslog, so it is figuring out the info
> itself.
>
> try setting up a format with %raw% in it (the raw message that rsyslog
> receives) and look at it.
>
> it _should_ be in the format
>
> <number> HH:MM:SS hostname syslogtag message
>
> I suspect that you are not getting the data in that format so rsyslog
> isn't recognising the hostname from the syslog message, so is having to
> fall back on IP address or reverse DNS.
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
Name: Joseph A. Williams
Email: joe at joetify.com
Blog: http://www.joeandmotorboat.com/
Twitter: http://twitter.com/williamsjoe
More information about the rsyslog
mailing list