I will prepare a new file + details, in the next 30mins :) Rainer Gerhards wrote: > Ah, I've now reviewed it, but there is no message in it from a host that > does not send a HOSTNAME (The last message... case). What syslogd are > your running on the clients? Sysklogd? And which version? I am asking > because I could check the code and see what exactly it generates. I > already begin to get some bad feelings about what it sends ;) > > What I see is rsyslog's bug (the one just fixed) and an error message > telling you that rsyslog is discarding a selector line because of no > actions. That is the one where you had use the filter but without > actions. > > Filters work only in front of actions in v2. So if you don't provide an > action, nothing happens except that startup error message. Please note > that the doc just talks about the property based filter. But it doesn't > mean you can use it without an action. Filters only work with actions. > In v3, things are already a bit different and will be much more > different soon. V3 offers full expression support, so you can do > Boolean operations inside filters. Also, v3 will be scriptable. > > HTH, > Rainer > > >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:rsyslog- >> [EMAIL PROTECTED] On Behalf Of Radu Gheorghiu >> Sent: Saturday, March 22, 2008 6:14 PM >> To: rsyslog-users >> Subject: Re: [rsyslog] Property-Based Filters >> >> Hmm i think i don't understand . Haven't you received the file that i >> sent you? Or did i miss something? >> >> Radu >> >> Rainer Gerhards wrote: >> >>> Well... Rsyslog tries all kind of things to get hold of the real >>> >> host. >> >>> So if you could send me a copy of the one causing problems, I may >>> >> (may >> >>> ;)) be able to do something against it. HOSTNAME should always >>> >> contain >> >>> something usable, but as you say ... it depends ;) >>> >>> Rainer >>> >>> >>> >>>> -----Original Message----- >>>> From: [EMAIL PROTECTED] [mailto:rsyslog- >>>> [EMAIL PROTECTED] On Behalf Of Radu Gheorghiu >>>> Sent: Saturday, March 22, 2008 2:48 PM >>>> To: rsyslog-users >>>> Subject: Re: [rsyslog] Property-Based Filters >>>> >>>> I don't think that the HOSTNAME problem is a rsyslog problem. >>>> I think that the remote host is not sending the HOSTNAME. >>>> Remote host is using the classic syslog . >>>> and it is configured like this: >>>> *.* >>>> >>>> >>> @central-logger >>> >>> >>>> on the central logger .. i modify my template for debug: >>>> $template MyTemplateName,"TheHost:d%HOSTNAME%d %syslogseverity% >>>> >>>> >>> TheMsg: >>> >>> >>>> %msg%\n" >>>> >>>> and in the logs: >>>> TheHost:dlastd 5 TheMsg: repeated 8 times >>>> >>>> Seems like the message had no hostname field. and rsyslog thinks >>>> "last" >>>> is the hostname. >>>> >>>> Radu >>>> >>>> _______________________________________________ >>>> rsyslog mailing list >>>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>> >>>> >>> _______________________________________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>> >>> >>> >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > >
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
