Hi, I have a funny problem. Around here we have a number of nodes using old, syslogd, which report to their headnodes, which use rsyslog v3, wich keep relaying till I get a small copy on a test box. This test box uses, since yesterday, rsyslog v4.
I noticed that for rsyslog v4, the last relay is considered to be the source host, the real source host is considered to be the syslogtag and everything else is inside the %msg% property. For the default template, I get messages like these: 2009-03-26T00:00:00+01:00 relayhost sourcehost1 cvs: GSSAPI userok: cvsadmin GSS_C_MUTUAL_FLAG GSS_C_REPLAY_FLAG GSS_C_INTEG_FLAG GSS_C_CONF_FLAG 2009-03-26T00:00:00+01:00 relayhost sourcehost2 cvs: GSSAPI userok: cvsadmin GSS_C_MUTUAL_FLAG GSS_C_REPLAY_FLAG GSS_C_INTEG_FLAG GSS_C_CONF_FLAG And, as I used to have a single file per host, I now have a single, huge "relayhost" file. Filters based on source or program name are broken, of course. What did I screw when upgrading? Thanks. -- Luis Fernando Muñoz Mejías [email protected] _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
