On Mon, 17 Jan 2011, Joe McDonagh wrote:
On 01/17/2011 02:23 AM, [email protected] wrote:
look at /etc/hosts on the client. see if you have the short name or long
name listed first.
If you have the short name listed first, try switching it to long name
first. (when looking something up in /etc/hosts by IP, you get the first
name on the list)
If this doesn't work, then what I suspect is happening is that the sending
system is putting just it's hostname in the logs when it sends. some
distros let you put a FQDN in the /etc/hostnames file without problems. If
your distro lets you do this, try doing that and see if this then changes
what's getting logged by rsyslog.
The third thing you can try is on the server, change it from using the
default template that logs %HOSTNAME%, which is the name the client puts in
the log to %FROMHOST%, which is the name (looked up from the IP) of the
machine that sent the log packet to the receiving rsyslog
David Lang
Long name first... since I have legacy v1 nodes I'd like to not rush to
upgrade, maybe I will do fromhost.
I'd love to use FROMHOST, but what happens if there is no reverse lookup?
Will it evaluate empty or eval to the IP?
it would eval to the IP
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
