Hi David,

thanks for this...this is super info...:-) !
If I have to create different logs per host, will this be a valid configuration:

$template DynaFile_messages,"/logfiles_on_nfs/%HOSTNAME%/messages"
*.* -?DynaFile_messages
$template DynaFile_secure,"/logfiles_on_nfs/%HOSTNAME%/secure"
*.* -?DynaFile_secure
$template DynaFile_auth.log,"/logfiles_on_nfs/%HOSTNAME%/auth.log"
*.* -?DynaFile_auth.log

1. Will rsyslog automatically create the %HOSTNAME% dirs or do I have to create every host's dir up front...?
2. Is DNS caching enabled by default or do I have to enable this somewhere first...?

Thanks in advance :-) !
~maymann

2012/1/14 <[email protected]>

> http://rsyslog.com/article60/
>
> David Lang
>
> On Sat, 14 Jan 2012, Michael Maymann wrote:
>
>> Date: Sat, 14 Jan 2012 07:23:57 +0100
>> From: Michael Maymann <[email protected]>
>> To: rsyslog-users <[email protected]>, [email protected],
>>     Michael Maymann <[email protected]>
>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples
>>
>> Hi David,
>>
>> thanks for your kind reply...:-) !
>> ---
>> This didn't seem to get through to the archives for some reason...:
>> http://lists.adiscon.net/pipermail/rsyslog/2012-January/thread.html
>> Hope I will not double-post...
>> ---
>> I don't use syslog-relays, so this will not cause me any problems.
>> Don't actually know what version we are running - can see this Monday
>> morning though... Thanks for this hint... will upgrade to 6.2 if not
>> already then.
>> I have to configure this into an already running live production system -
>> our previous syslog-admin left...:-(.
>> Could I perhaps ask you to be so kind as to give a configuration example
>> of how this is done, if I ask really nicely... :-) ?
>>
>> Thanks in advance :-) !
>> ~maymann
>>
>> 2012/1/13 <[email protected]>
>>
>>> you need to be aware that doing the DNS queries is rather expensive
>>> (although I think I saw a comment that in the very latest 6.2 version
>>> there may now be a DNS cache that will drastically help)
>>>
>>> you would need to create a template with FROMHOST in it and use that as
>>> the filename to write to (look for dynafile in the documentation)
>>>
>>> note that if you are relaying logs from one machine to another, only the
>>> first machine will see the true source in FROMHOST, machines after that
>>> will only see the relay box.
>>>
>>> let me know if this doesn't give you enough clues to learn how to do
>>> this.
>>>
>>> David Lang
>>>
>>> On Fri, 13 Jan 2012, Michael Maymann wrote:
>>>
>>>> Date: Fri, 13 Jan 2012 14:43:06 +0100
>>>> From: Michael Maymann <[email protected]>
>>>> Reply-To: rsyslog-users <[email protected]>
>>>> To: [email protected]
>>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
>>>>     howto/links/examples
>>>>
>>>> Furthermore: would it be possible to validate FQDN from DNS and not from
>>>> syslog-info hostname.
>>>> We are getting a lot of weird logfiles as some applications are not
>>>> including the hostname as the first parameter in the syslog-entries,
>>>> e.g.:
>>>> Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10
>>>> [issue_cmd ] STATUS: 1#012#01212/16/11 09:47:10
>>>> [issue_cmd ] RESULT:#012#01212/16/11 09:47:10
>>>> [issue_cmd ] #012#01212/16/11 09:47:10 [set_host_compat_list]
>>>> #012#01212/16/11 09:47:10 [issue_cli_cmd ] command is
>>>> '/opt/vmware/aam/bin/ftcli -domain vmware -cmd "SetUserData
>>>> HostCompatList
>>>> text /tmp/hostCompatList"'#012#01212/16/11 09:47:40
>>>>
>>>> Would be nice to validate FQDN from sender DNS query...
>>>>
>>>> Thanks in advance :-) !
>>>> ~maymann
>>>>
>>>> 2012/1/13 Michael Maymann <[email protected]>
>>>>
>>>>> Hi List,
>>>>>
>>>>> I'm new to rsyslog/syslog in general.
>>>>>
>>>>> I would like to syslog from all my 100+ network devices.
>>>>> Preferably I would like a FQDN.log file for each host (or a FQDN-dir
>>>>> containing logs from this host if more logfiles per host are best
>>>>> practice)...
>>>>>
>>>>> Can anyone give me an example of (or link to) best practice of this
>>>>> kind of setup.
>>>>>
>>>>> Thanks in advance :-) !
>>>>>
>>>>> ~maymann

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
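
Added example, not part of the original thread and not either poster's configuration: a legacy-format rsyslog fragment for the per-host layout asked about above, contrasting a path built from %HOSTNAME% (copied from the message text, which is where the oddly named log files described in the thread come from) with one built from %FROMHOST%, as suggested in the quoted reply. The template names, facility selectors and file modes are assumptions chosen for illustration; /logfiles_on_nfs is the path from the question.

```conf
# Added example. Template names, selectors and modes are illustrative assumptions.

# Create missing per-host directories on first write, with restrictive modes.
$CreateDirs on
$DirCreateMode 0750
$FileCreateMode 0640

# Weak: %HOSTNAME% is parsed out of the received message. A sender that omits
# or misplaces the hostname field (or supplies an arbitrary one) decides the
# directory name, so unrelated text ends up as paths under /logfiles_on_nfs.
#$template PerHost_messages,"/logfiles_on_nfs/%HOSTNAME%/messages"

# Stronger: %FROMHOST% is the name rsyslog resolved for the peer that delivered
# the message, not a field inside the message. secpath-replace turns any "/"
# in the value into "_" so the value cannot add path components.
# Behind a relay, FROMHOST is the relay, as noted in the thread.
$template PerHost_messages,"/logfiles_on_nfs/%FROMHOST:::secpath-replace%/messages"
$template PerHost_secure,"/logfiles_on_nfs/%FROMHOST:::secpath-replace%/secure"

# One selector per file, so each message class lands in exactly one place.
# The leading "-" skips the sync after each write; "?" marks a dynamic file.
authpriv.*                                  -?PerHost_secure
*.info;mail.none;authpriv.none;cron.none    -?PerHost_messages

# Alternative that needs no DNS lookup at all: key the directory on the
# sender's address instead of its name.
#$template PerHost_messages,"/logfiles_on_nfs/%FROMHOST-IP%/messages"
```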

