[rsyslog-notify] Forum Thread: Re: non-standard output format when hostname is missing - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Mon Nov 16 14:19:03 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26151#p26151
Message:
----------
rsyslog populates the hostname field with the fromhost-ip when it can
detect that there is no hostname
the trouble is that much of the time, rsyslog can't tell if the string
there is a hostname or not
if you have
<pri>timestamp your log message here
how can rsyslog tell the difference between this and a machine named 'your'
putting it's hostname in the message?
similarly, how can it tell the difference between this and a procid 'log'?
rsyslog tries to guess, but most of the time, it's not going to be able to
tell that the hostname is missing unless the thing in the hostname field
includes characters that aren't allowed in the hostname.
More information about the rsyslog-notify
mailing list