This didn't seem to get through to the archives for some reason...:
http://lists.adiscon.net/pipermail/rsyslog/2012-January/thread.html
Hope I will not double-post...

~maymann

2012/1/13 Michael Maymann <[email protected]>

> Hi David,
>
> thanks for your kind reply...:-) !
>
> I don't use syslog-relays, so this will not cause me any problems.
> Don't actually know what version we are running - can see this Monday
> morning though... Thanks for this hint... will upgrade to 6.2 if not
> already then.
> I have to configure this into an already running live production system -
> our previous syslog-admin left...:-(.
> Could I perhaps ask you to be so kind as to give a configuration example
> of how this is done, if I ask really nicely... :-) ?
>
>
> Thanks in advance :-) !
> ~maymann
>
>
> 2012/1/13 <[email protected]>
>
>> you need to be aware that doing the DNS queries is rather expensive
>> (although I think I saw a comment that in the very latest 6.2 version there
>> may now be a DNS cache that will drastically help)
>>
>> you would need to create a template with FROMHOST in it and use that as
>> the filename to write to (look for dynafile in the documentation)
>>
>> note that if you are relaying logs from one machine to another, only the
>> first machine will see the true source in FROMHOST, machines after that
>> will only see the relay box.
>>
>> let me know if this doesn't give you enough clues to learn how to do this.
>>
>> David Lang
>>
>> On Fri, 13 Jan 2012, Michael Maymann wrote:
>>
>> Date: Fri, 13 Jan 2012 14:43:06 +0100
>>> From: Michael Maymann <[email protected]>
>>> Reply-To: rsyslog-users <[email protected]>
>>> To: [email protected]
>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
>>> howto/links/examples
>>>
>>>
>>> Furthermore: would it be possible to validate FQDN from DNS and not from
>>> syslog-info hostname.
>>> We are getting a lot of weird logfiles as some applications are not
>>> including the hostname as the first parameter in the syslog-entries,
>>> e.g.:
>>> Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10
>>> [issue_cmd ] STATUS: 1#012#01212/16/11 09:47:10
>>> [issue_cmd ] RESULT:#012#01212/16/11 09:47:10
>>> [issue_cmd ] #012#01212/16/11 09:47:10 [set_host_compat_list]
>>> #012#01212/16/11 09:47:10 [issue_cli_cmd ] command is
>>> '/opt/vmware/aam/bin/ftcli -domain vmware -cmd "SetUserData
>>> HostCompatList
>>> text /tmp/hostCompatList"'#012#01212/16/11 09:47:40
>>>
>>> Would be nice to validate FQDN from sender DNS query...
>>>
>>> Thanks in advance :-) !
>>> ~maymann
>>>
>>>
>>> 2012/1/13 Michael Maymann <[email protected]>
>>>
>>> Hi List,
>>>>
>>>> I'm new to rsyslog/syslog in general.
>>>>
>>>> I would like to syslog from all my 100+ network devices.
>>>> Preferably I would like a FQDN.log file for each host (or a FQDN-dir
>>>> containing logs from this host if more logfiles per host are best
>>>> practice)...
>>>>
>>>> Can anyone give me an example of (or link to) best practice of this kind
>>>> of setup.
>>>>
>>>>
>>>> Thanks in advance :-) !
>>>>
>>>> ~maymann
>>>>
>>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
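
The setup David Lang's reply describes (a template containing FROMHOST, used as a dynafile name), written out as an added example that is not part of the original thread. It assumes rsyslog's legacy configuration syntax, a UDP listener on port 514, and a hypothetical log directory `/var/log/remote` and template name `PerHostFile`.

```conf
# Added example (not from the thread). The directory /var/log/remote and the
# template name PerHostFile are assumptions chosen for illustration.

# Receive syslog from the network devices over UDP/514.
$ModLoad imudp
$UDPServerRun 514

# FROMHOST is the name rsyslog resolves for the sending address (reverse DNS,
# falling back to the IP when there is no record). HOSTNAME, by contrast, is
# parsed out of the message text, which is where the oddly named files come
# from when an application omits or garbles the hostname field.
# secpath-replace turns any "/" in the value into "_", so a property value
# can never place a file outside /var/log/remote.
$template PerHostFile,"/var/log/remote/%FROMHOST:::secpath-replace%.log"

# Alternative: one directory per host, one file per program.
#$template PerHostDir,"/var/log/remote/%FROMHOST:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log"

# Write everything that did not originate locally to the per-host file
# ("?" marks a dynafile action), then discard it so it does not also fall
# through to the local rules further down in the configuration.
:fromhost-ip, !isequal, "127.0.0.1" ?PerHostFile
& ~
```

As the reply notes, FROMHOST only identifies the machine immediately in front of the receiver, so behind a relay every message would land in the relay's file.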

