[rsyslog-notify] Forum Thread: Re: Hostname with forwarding - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Mon Sep 5 16:29:52 CEST 2016
User: uppsalanet
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26924#p26924
Message:
----------
Try use a template for ffwd using %FROMHOST%:
[code:2gta5klf]template (name="fwdCSIRT" type="string"
string="<%PRI%>%TIMESTAMP:::date-rfc3339% %FROMHOST%
%syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%")[/code:2gta5klf]
Or use from sendig part:
#Rsyslog uses the glibc routine gethostname() or gethostbyname() to
determine the hostname
#of the local machine The gethostname() or gethostbyname() routine check
the contents of
#/etc/hosts for the fully qualified domain name (FQDN) if you are not using
BIND or NIS.
#The output of hostname --short will be used by rsyslog when writing log
messages. You will
#have to add $PreserveFQDN on to the beginning of the file (before using
any directive that
#write to files). This is because, rsyslog reads config file and applies it
on-the-go and
#then reads the later lines.
[code:2gta5klf]$PreserveFQDN on[/code:2gta5klf]
More information about the rsyslog-notify
mailing list