[rsyslog-notify] Forum Thread: Re: How to display ip-address of relaying host - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Fri Nov 13 12:08:50 CET 2015
User: hohi888
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26140#p26140
Message:
----------
Comparing the syslog messages produced by the sysklogd used at relaying
Host2 before with the messages generated by newly introduced rsylogd I have
found the reason for my issue with the missing IP-address of relaying Host2
at the syslogs printed at Host3:
The “PRI Part” as described in RFC3164 and RFC5424 is missing at messages
arriving at Host3!
With the Host2-configuration
$template RemoteFormat,"from host: %fromhost-ip% %hostname%
%syslogtag%%msg%\n"
I get the following syslog printout at Host3 (with missing relay IP)
Nov 13 11:25:33 from host: 10.254.254.101 iu_01 root: test
By adding the “PRI Part” (USER.NOTICE) to the configuration manually
$template RemoteFormat,"<13> from host: %fromhost-ip% %hostname%
%syslogtag%%msg%\n"
I get the syslog printout as I wanted it
Nov 13 11:23:03 [color=#008040:2d8mqxl8]192.168.136.224 [/color:2d8mqxl8]
from host: 10.254.254.101 iu_01 root: test
Do you know any reason why the “PRI Part” is missing in the messages?
Is there any property available to insert it?
pcap-traces are attached.
More information about the rsyslog-notify
mailing list