Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples

Fri, 13 Jan 2012 12:34:41 -0800

you need to be aware that doing the DNS queries is rather expensive (although I think I saw a comment that in the very latest 6.2 version there may now be a DNS cache that will drastically help)
you would need to create a template with FROMHOST in it and use that as the filename to write to (look for dynafile in the documentation) 


note that if you are relaying logs from one machine to another, only the 
first machine will see the true source in FROMHOST, machines after that 
will only see the relay box.


let me know if this doesn't give you enough clues to learn how to do this.

David Lang


 On Fri, 13 Jan 
2012, Michael Maymann wrote:



Date: Fri, 13 Jan 2012 14:43:06 +0100
From: Michael Maymann <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples

Furthermore: would it be possible to validate FQDN from DNS and not from
syslog-info hostname.
We are getting a lot of weird logfiles as some applications are not
including the hostname as the first parameter in the syslog-entries, e.g.:
Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10
[issue_cmd           ] STATUS: 1#012#01212/16/11 09:47:10
[issue_cmd           ] RESULT:#012#01212/16/11 09:47:10
[issue_cmd           ] #012#01212/16/11 09:47:10 [set_host_compat_list]
#012#01212/16/11 09:47:10 [issue_cli_cmd       ] command is
'/opt/vmware/aam/bin/ftcli -domain vmware -cmd "SetUserData HostCompatList
text /tmp/hostCompatList"'#012#01212/16/11 09:47:40

Would be nice to validate FQDN from sender DNS query...

Thanks in advance :-) !
~maymann


2012/1/13 Michael Maymann <[email protected]>


Hi List,

I'm new to rsyslog/syslog in general.

I would like to syslog from all my 100+ network devices.
Preferably I would like a FQDN.log file for each host (or a FQDN-dir
containing logs from this host if more logfiles per host are best
practice)...

Can anyone give me an example of (or link to) best practice of this kind
of setup.


Thanks in advance :-) !

~maymann


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/






















					Reply via email to