On Wed, 24 Nov 2010, Monty wrote:

Hi,

I'm trying to filter based on the host which is sending the syslog
data. I've tried this based around hostname and fromhost, but both
only contain the node name, not the full hostname.

I suspected this could be because the rsyslog server is running on the
same domain as the host doing the reporting, but my /etc/resolv.conf
does not have any reference to the domain, so I cannot see why rsyslog
would shorten the full hostname to just the node name. Resolving the
IP address from the command line returns the full hostname. I've seen
messages from Rainer saying that rsyslog uses the system's resolving
capacity, so I can't see why it should be any different.

hostname would be whatever is put in the log by the sending server.

fromhost should be a reverse lookup of the IP address you received the log from (note that if this is relayed through another host, you get the name/IP of the relay, not the sender)

if you are only getting a short name, check your /etc/hosts file to see if you have it listed there with a short name first (name resolution will use /etc/hosts before going to DNS, and a name lookup into /etc/hosts will return the first name on the line)

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
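
The /etc/hosts check suggested in the reply, as an added example that is not part of the original message or of rsyslog: it reports which name a hosts-file reverse lookup returns for an address and lists entries whose first name is a short name. The sample entries, addresses and function names are constructed for illustration.

```python
# Added example: audit hosts-file text for entries whose first name is short.
import ipaddress

# Constructed sample in /etc/hosts format (addresses from documentation ranges).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  web01 web01.example.com   # short name first
192.0.2.11  db01.example.com db01     # FQDN first
2001:db8::5 mail01                    # only a short name
"""

def parse_hosts(text):
    """Yield (ip, names) for each valid entry; comments and blanks are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        yield ip, fields[1:]

def reverse_name(text, address):
    """Name a hosts-file reverse lookup returns: first name on the first matching line."""
    target = ipaddress.ip_address(address)
    for ip, names in parse_hosts(text):
        if ip == target:
            return names[0]
    return None

def short_name_first(text):
    """Return (ip, first_name, fqdn_aliases) for entries whose first name has no dot."""
    findings = []
    for ip, names in parse_hosts(text):
        first = names[0]
        if "." in first or ip.is_loopback:
            continue
        fqdns = [n for n in names[1:] if "." in n]
        findings.append((str(ip), first, fqdns))
    return findings

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for ip, first, fqdns in short_name_first(text):
        hint = f"move {fqdns[0]} to the front" if fqdns else "no FQDN on this line"
        print(f"{ip}: reverse lookup yields '{first}' ({hint})")
```

Run it with the path to the hosts file on the rsyslog server as the only argument; without an argument it checks the constructed sample.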
