[rsyslog-notify] Forum Thread: How to display ip-address of relaying host - (Mode 'post')

Wed Nov 11 18:32:22 CET 2015

User: hohi888 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26132#p26132

Message: 
----------
Versions:
Linux 3.6.11
rsyslogd 8.13.0

In have the following syslog configuration:
Host1 sends logs to Host2 where the rsyslog-configuration below is working.
Host2 receives the logs from Host1 via imudp and forwards them in another
subnet to Host3 (config see below).

[Host1, 10.254.254.101] -> [Host2, 10.254.254.100 > 192.168.136.224] ->
[Host3, 192.168.136.228]

Using the following lines in rsyslog.conf I see the address of relaying
Host2 - even for messages originally coming from Host1- what is what I
want: 

$template RemoteFormat,"%msg%\n"
*.debug @192.168.136.228;RemoteFormat

Now at Host3:
Nov 11 17:47:21 192.168.136.224  this message comes from 10.254.254.101

But I would like to see address and hostname of Host1 at Host3 too.
Therefore I changed the configuration at Host2 as follows:

$template RemoteFormat,"%fromhost-ip% %hostname% %syslogtag%%msg%\n"
*.debug @192.168.136.228;RemoteFormat

Now at Host3:
Nov 11 17:49:28 10.254.254.101 iu_01 root: this message comes from
10.254.254.101

I see address and hostname of Host1 now, but the address of Host2 is gone!
I have not found any property name to insert the relaying IP-address of
Host2 again. How can I configure this? 

rsyslogconf:
module(load="imuxsock")
module(load="imklog")
module(load="imudp")
input(type="imudp" port="514")
#$PreserveFQDN on  <--- can't help us here!
$ActionFileDefaultTemplate RSYSLOG_SysklogdFileFormat
$template RemoteFormat,"%fromhost-ip% %hostname% %syslogtag%%msg%\n"
#$template RemoteFormat,"%msg%\n"
*.info          /tmp/syslog.1
*.debug         @192.168.136.228;RemoteFormat