> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Michael Maymann > Sent: Monday, January 16, 2012 10:48 AM > To: rsyslog-users > Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples > > Hi Rainer, > > Thanks for your reply. > How do I install 6.3.6 on RHEL6 easiest ?
I have no specific instructions. Just grab the sources and compile, I'd say ;) Note, however, that you need to install libestr and probably libee first. Rainer > > Thanks in advance :-)! > ~maymann > > 2012/1/16 Rainer Gerhards <[email protected]> > > > The cache is available since 6.3.1, so you need to go for the devel > > version. > > A good place to check those things is the ChangeLog itself, here is > > the current one: > > > > > > http://git.adiscon.com/?p=rsyslog.git;a=blob;f=ChangeLog;h=b42a8004ed8 > > 575d085 > > a0fcf48f71339154813971<http://git.adiscon.com/?p=rsyslog.git;a=blob;f= > > ChangeLog;h=b42a8004ed8575d085%0Aa0fcf48f71339154813971> > > ;hb=HEAD > > > > Note that v6-devel is almost as stable as v6-stable except for the > > config read phase at startup. > > > > HTH > > Rainer > > > > > -----Original Message----- > > > From: [email protected] [mailto:rsyslog- > > > [email protected]] On Behalf Of Michael Maymann > > > Sent: Monday, January 16, 2012 8:57 AM > > > To: [email protected] > > > Cc: rsyslog-users > > > Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir > > > howto/links/examples > > > > > > If I want DNS caching, should i use the new stable-6.2.0 or the > > > older devel-6.3.6... ? > > > Can see this feature mentioned here: > > > http://rsyslog.com/features/ > > > or here: > > > http://rsyslog.com/project-status/ > > > > > > > > > Thanks in advance :-) ! > > > ~maymann > > > > > > 2012/1/14 <[email protected]> > > > > > > > On Sat, 14 Jan 2012, Michael Maymann wrote: > > > > > > > > Hi David, > > > >> > > > >> thanks for this...this is super info...:-) ! > > > >> If I have to create different logs per host, will this be the a > > > valid > > > >> configuration: > > > >> $template > DynaFile_messages,?/logfiles_**on_nfs/%HOSTNAME%/messages? > > > >> *.* -?DynaFile_messages > > > >> $template > DynaFile_secure,?/logfiles_on_**nfs/%HOSTNAME%/secure? > > > >> *.* -?DynaFile_secure > > > >> $template > DynaFile_auth.log,?/logfiles_**on_nfs/%HOSTNAME%/auth.log? > > > >> *.* -?DynaFile_auth.log > > > >> > > > > > > > > I believe so. > > > > > > > > > > > > 1. Will rsyslog automatically create the %HOSTNAME% dir's or do I > > > have to > > > >> create every hosts dir upfront... ? > > > >> > > > > > > > > it will create it for you (make sure it's running with the > > > appropriate > > > > permissions, if you have rsyslog configured to drop privileges, > > > > the > > > lower > > > > privileges need the ability to create the directories) > > > > > > > > > > > > 2. Is DNS caching default enabled or do I have to enable this > > > somewhere > > > >> first...? > > > >> > > > > > > > > I don't know, I haven't had a chance to look into that yet. > > > > > > > > David Lang > > > > > > > > > > > >> Thanks in advance :-) ! > > > >> ~maymann > > > >> > > > >> > > > >> 2012/1/14 <[email protected]> > > > >> > > > >> http://rsyslog.com/article60/ > > > >>> > > > >>> David Lang > > > >>> > > > >>> On Sat, 14 Jan 2012, Michael Maymann wrote: > > > >>> > > > >>> Date: Sat, 14 Jan 2012 07:23:57 +0100 > > > >>> > > > >>>> From: Michael Maymann <[email protected]> > > > >>>> To: rsyslog-users <[email protected]>, [email protected], > > > >>>> Michael Maymann <[email protected]> > > > >>>> > > > >>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir > > > >>>> howto/links/examples > > > >>>> > > > >>>> Hi David, > > > >>>> > > > >>>> thanks for you kind reply...:-) ! > > > >>>> --- > > > >>>> This didn't seem to get through to the archives for some > > > reason...: > > > >>>> http://lists.adiscon.net/****pipermail/rsyslog/2012-**** > > > >>>> > > > January/thread.html<http://lists.adiscon.net/**pipermail/rsyslog/201 > > > 2- > > > **January/thread.html> > > > >>>> <http://**lists.adiscon.net/pipermail/**rsyslog/2012- > > > January/thread.** > > > >>>> html<http://lists.adiscon.net/pipermail/rsyslog/2012- > > > January/thread.html> > > > >>>> > > > > >>>> > > > >>>> Hope I will not dobbel-post... > > > >>>> --- > > > >>>> I don't use syslog-relays, so this will not cause me any problems. > > > >>>> Don't actually know what version we are running - can see this > > > Monday > > > >>>> morning though... Thanks for this hint... will upgrade to 6.2 > > > >>>> if > > > not > > > >>>> already then. > > > >>>> I have to configure this into a already running live production > > > system - > > > >>>> our previous syslog-admin left...:-(. > > > >>>> Could I perhaps ask you to be so kind as to give an > > > >>>> configuration example of how this is done, if I ask really > > > >>>> nicely... :-) ? > > > >>>> > > > >>>> Thanks in advance :-) ! > > > >>>> ~maymann > > > >>>> > > > >>>> 2012/1/13 <[email protected]> > > > >>>> > > > >>>> you need to be aware that doing the DNS queries is rather > > > expensive > > > >>>> > > > >>>>> (although I think I saw a comment that in the very latest 6.2 > > > version > > > >>>>> there > > > >>>>> may now be a DNS cache that will drastically help) > > > >>>>> > > > >>>>> you would need to create a template with FROMHOST in it and > > > >>>>> use > > > that as > > > >>>>> the filename to write to (look for dynafile in the > > > >>>>> documentation) > > > >>>>> > > > >>>>> note that if you are relaying logs from one machine to > > > >>>>> another, > > > only > > > >>>>> the > > > >>>>> first machine will see the true source in FROMHOST, machines > > > after that > > > >>>>> will only see the relay box. > > > >>>>> > > > >>>>> let me know if this doesn't give you enough clues to learn how > > > >>>>> to > > > do > > > >>>>> this. > > > >>>>> > > > >>>>> David Lang > > > >>>>> > > > >>>>> On Fri, 13 Jan 2012, Michael Maymann wrote: > > > >>>>> > > > >>>>> Date: Fri, 13 Jan 2012 14:43:06 +0100 > > > >>>>> > > > >>>>> From: Michael Maymann <[email protected]> > > > >>>>>> Reply-To: rsyslog-users <[email protected]> > > > >>>>>> To: [email protected] > > > >>>>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir > > > >>>>>> howto/links/examples > > > >>>>>> > > > >>>>>> > > > >>>>>> Furthermore: would it be possible to validate FQDN from DNS > > > >>>>>> and > > > not > > > >>>>>> from > > > >>>>>> syslog-info hostname. > > > >>>>>> We are getting a lot of weird logfiles as some applications > > > >>>>>> are > > > not > > > >>>>>> including the hostname as the first parameter in the syslog- > > > entries, > > > >>>>>> e.g.: > > > >>>>>> Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10 > > > >>>>>> [issue_cmd ] STATUS: 1#012#01212/16/11 09:47:10 > > > >>>>>> [issue_cmd ] RESULT:#012#01212/16/11 09:47:10 > > > >>>>>> [issue_cmd ] #012#01212/16/11 09:47:10 > > > >>>>>> [set_host_compat_list] > > > >>>>>> #012#01212/16/11 09:47:10 [issue_cli_cmd ] command is > > > >>>>>> '/opt/vmware/aam/bin/ftcli -domain vmware -cmd > "SetUserData > > > >>>>>> HostCompatList text > > > >>>>>> /tmp/hostCompatList"'#012#******01212/16/11 09:47:40 > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> Would be nice to validate FQDN from sender DNS query... > > > >>>>>> > > > >>>>>> Thanks in advance :-) ! > > > >>>>>> ~maymann > > > >>>>>> > > > >>>>>> > > > >>>>>> 2012/1/13 Michael Maymann <[email protected]> > > > >>>>>> > > > >>>>>> Hi List, > > > >>>>>> > > > >>>>>> > > > >>>>>>> I'm new to rsyslog/syslog in general. > > > >>>>>>> > > > >>>>>>> I would like to syslog from all my 100+ network devices. > > > >>>>>>> Preferably I would like a FQDN.log file for each host (or a > > > FQDN-dir > > > >>>>>>> containing logs from this host if more logfiles per host are > > > best > > > >>>>>>> practice)... > > > >>>>>>> > > > >>>>>>> Can anyone give me an example of (or link to) best practice > > > >>>>>>> of > > > this > > > >>>>>>> kind > > > >>>>>>> of setup. > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> Thanks in advance :-) ! > > > >>>>>>> > > > >>>>>>> ~maymann > > > >>>>>>> > > > >>>>>>> > ______________________________******_________________ > > > >>>>>>> > > > >>>>>>> rsyslog mailing list > > > >>>>>> > > > http://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists > > > .ad iscon.net/****mailman/listinfo/rsyslog> > > > >>>>>> > > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://list > > > s.a discon.net/**mailman/listinfo/rsyslog> > > > >>>>>> > > > > >>>>>> > > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://list > > > s.a discon.net/mailman/**listinfo/rsyslog> > > > >>>>>> > > > <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists. > > > adi > > > scon.net/mailman/listinfo/rsyslog> > > > >>>>>> > > > > >>>>>> > > > >>>>>>> > > > >>>>>>> http://www.rsyslog.com/******professional- > > > services/<http://www.rsyslog.com/****professional-services/> > > > >>>>>> <http://**www.rsyslog.com/****professional- > > > services/<http://www.rsyslog.com/**professional-services/> > > > >>>>>> > > > > >>>>>> <http://**www.rsyslog.com/**professional- > > > **services/<http://www.rsyslog.com/professional-**services/> > > > >>>>>> <http:**//www.rsyslog.com/**professional- > > > services/<http://www.rsyslog.com/professional-services/> > > > >>>>>> > > > > >>>>>> > > > >>>>>>> > > > >>>>>>> > > > >>>>>> > ______________________________******_________________ > > > >>>>>> > > > >>>>>> rsyslog mailing list > > > >>>>> > > > http://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists > > > .ad iscon.net/****mailman/listinfo/rsyslog> > > > >>>>> > > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://list > > > s.a discon.net/**mailman/listinfo/rsyslog> > > > >>>>> > > > > >>>>> > > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://list > > > s.a discon.net/mailman/**listinfo/rsyslog> > > > >>>>> > > > <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists. > > > adi > > > scon.net/mailman/listinfo/rsyslog> > > > >>>>> > > > > >>>>> > > > >>>>>> > > > >>>>>> http://www.rsyslog.com/******professional- > > > services/<http://www.rsyslog.com/****professional-services/> > > > >>>>> <http://**www.rsyslog.com/****professional- > > > services/<http://www.rsyslog.com/**professional-services/> > > > >>>>> > > > > >>>>> <http://**www.rsyslog.com/**professional- > > > **services/<http://www.rsyslog.com/professional-**services/> > > > >>>>> <http:**//www.rsyslog.com/**professional- > > > services/<http://www.rsyslog.com/professional-services/> > > > >>>>> > > > > >>>>> > > > >>>>>> > > > >>>>>> > > > >>>>> > > > >>>>> > > > >>>> > > > >> > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
