Hi, 6.2.0 doesn't have DNS cache, does it... I would like to use stable, but would really need the DNS caching feature - so would have to do devel (especially if this is nearly as stable - as Rainer describes): http://lists.adiscon.net/pipermail/rsyslog/2012-January/014244.html
Thanks in advance :-) ! ~maymann 2012/1/16 <[email protected]> > I would say that 6.2.0 is probably better. > > sorry I can't give you more info on this. > > David Lang > > > On Mon, 16 Jan 2012, Michael Maymann wrote: > > If I want DNS caching, should i use the new stable-6.2.0 or the older >> devel-6.3.6... ? >> Can see this feature mentioned here: >> http://rsyslog.com/features/ >> or here: >> http://rsyslog.com/project-**status/ <http://rsyslog.com/project-status/> >> >> >> Thanks in advance :-) ! >> ~maymann >> >> 2012/1/14 <[email protected]> >> >> On Sat, 14 Jan 2012, Michael Maymann wrote: >>> >>> Hi David, >>> >>>> >>>> thanks for this...this is super info...:-) ! >>>> If I have to create different logs per host, will this be the a valid >>>> configuration: >>>> $template DynaFile_messages,?/logfiles_****on_nfs/%HOSTNAME%/messages? >>>> >>>> *.* -?DynaFile_messages >>>> $template DynaFile_secure,?/logfiles_on_****nfs/%HOSTNAME%/secure? >>>> *.* -?DynaFile_secure >>>> $template DynaFile_auth.log,?/logfiles_****on_nfs/%HOSTNAME%/auth.log? >>>> *.* -?DynaFile_auth.log >>>> >>>> >>> I believe so. >>> >>> >>> 1. Will rsyslog automatically create the %HOSTNAME% dir's or do I have >>> to >>> >>>> create every hosts dir upfront... ? >>>> >>>> >>> it will create it for you (make sure it's running with the appropriate >>> permissions, if you have rsyslog configured to drop privileges, the lower >>> privileges need the ability to create the directories) >>> >>> >>> 2. Is DNS caching default enabled or do I have to enable this somewhere >>> >>>> first...? >>>> >>>> >>> I don't know, I haven't had a chance to look into that yet. >>> >>> David Lang >>> >>> >>> Thanks in advance :-) ! >>>> ~maymann >>>> >>>> >>>> 2012/1/14 <[email protected]> >>>> >>>> http://rsyslog.com/article60/ >>>> >>>>> >>>>> David Lang >>>>> >>>>> On Sat, 14 Jan 2012, Michael Maymann wrote: >>>>> >>>>> Date: Sat, 14 Jan 2012 07:23:57 +0100 >>>>> >>>>> From: Michael Maymann <[email protected]> >>>>>> To: rsyslog-users <[email protected]>, [email protected], >>>>>> Michael Maymann <[email protected]> >>>>>> >>>>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir >>>>>> howto/links/examples >>>>>> >>>>>> Hi David, >>>>>> >>>>>> thanks for you kind reply...:-) ! >>>>>> --- >>>>>> This didn't seem to get through to the archives for some reason...: >>>>>> http://lists.adiscon.net/******pipermail/rsyslog/2012-****<http://lists.adiscon.net/****pipermail/rsyslog/2012-****> >>>>>> January/thread.html<http://**lists.adiscon.net/**pipermail/** >>>>>> rsyslog/2012-**January/thread.**html<http://lists.adiscon.net/**pipermail/rsyslog/2012-**January/thread.html> >>>>>> > >>>>>> <http://**lists.adiscon.net/**pipermail/**rsyslog/2012-** >>>>>> January/thread.**<http://lists.adiscon.net/pipermail/**rsyslog/2012-January/thread.**> >>>>>> >>>>>> html<http://lists.adiscon.net/**pipermail/rsyslog/2012-** >>>>>> January/thread.html<http://lists.adiscon.net/pipermail/rsyslog/2012-January/thread.html> >>>>>> > >>>>>> >>>>>>> >>>>>>> >>>>>> Hope I will not dobbel-post... >>>>>> --- >>>>>> I don't use syslog-relays, so this will not cause me any problems. >>>>>> Don't actually know what version we are running - can see this Monday >>>>>> morning though... Thanks for this hint... will upgrade to 6.2 if not >>>>>> already then. >>>>>> I have to configure this into a already running live production >>>>>> system - >>>>>> our previous syslog-admin left...:-(. >>>>>> Could I perhaps ask you to be so kind as to give an configuration >>>>>> example >>>>>> of how this is done, if I ask really nicely... :-) ? >>>>>> >>>>>> Thanks in advance :-) ! >>>>>> ~maymann >>>>>> >>>>>> 2012/1/13 <[email protected]> >>>>>> >>>>>> you need to be aware that doing the DNS queries is rather expensive >>>>>> >>>>>> (although I think I saw a comment that in the very latest 6.2 version >>>>>>> there >>>>>>> may now be a DNS cache that will drastically help) >>>>>>> >>>>>>> you would need to create a template with FROMHOST in it and use that >>>>>>> as >>>>>>> the filename to write to (look for dynafile in the documentation) >>>>>>> >>>>>>> note that if you are relaying logs from one machine to another, only >>>>>>> the >>>>>>> first machine will see the true source in FROMHOST, machines after >>>>>>> that >>>>>>> will only see the relay box. >>>>>>> >>>>>>> let me know if this doesn't give you enough clues to learn how to do >>>>>>> this. >>>>>>> >>>>>>> David Lang >>>>>>> >>>>>>> On Fri, 13 Jan 2012, Michael Maymann wrote: >>>>>>> >>>>>>> Date: Fri, 13 Jan 2012 14:43:06 +0100 >>>>>>> >>>>>>> From: Michael Maymann <[email protected]> >>>>>>> >>>>>>>> Reply-To: rsyslog-users <[email protected]> >>>>>>>> To: [email protected] >>>>>>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir >>>>>>>> howto/links/examples >>>>>>>> >>>>>>>> >>>>>>>> Furthermore: would it be possible to validate FQDN from DNS and not >>>>>>>> from >>>>>>>> syslog-info hostname. >>>>>>>> We are getting a lot of weird logfiles as some applications are not >>>>>>>> including the hostname as the first parameter in the syslog-entries, >>>>>>>> e.g.: >>>>>>>> Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10 >>>>>>>> [issue_cmd ] STATUS: 1#012#01212/16/11 09:47:10 >>>>>>>> [issue_cmd ] RESULT:#012#01212/16/11 09:47:10 >>>>>>>> [issue_cmd ] #012#01212/16/11 09:47:10 >>>>>>>> [set_host_compat_list] >>>>>>>> #012#01212/16/11 09:47:10 [issue_cli_cmd ] command is >>>>>>>> '/opt/vmware/aam/bin/ftcli -domain vmware -cmd "SetUserData >>>>>>>> HostCompatList >>>>>>>> text /tmp/hostCompatList"'#012#********01212/16/11 09:47:40 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Would be nice to validate FQDN from sender DNS query... >>>>>>>> >>>>>>>> Thanks in advance :-) ! >>>>>>>> ~maymann >>>>>>>> >>>>>>>> >>>>>>>> 2012/1/13 Michael Maymann <[email protected]> >>>>>>>> >>>>>>>> Hi List, >>>>>>>> >>>>>>>> >>>>>>>> I'm new to rsyslog/syslog in general. >>>>>>>>> >>>>>>>>> I would like to syslog from all my 100+ network devices. >>>>>>>>> Preferably I would like a FQDN.log file for each host (or a >>>>>>>>> FQDN-dir >>>>>>>>> containing logs from this host if more logfiles per host are best >>>>>>>>> practice)... >>>>>>>>> >>>>>>>>> Can anyone give me an example of (or link to) best practice of this >>>>>>>>> kind >>>>>>>>> of setup. >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks in advance :-) ! >>>>>>>>> >>>>>>>>> ~maymann >>>>>>>>> >>>>>>>>> ______________________________********_________________ >>>>>>>>> >>>>>>>>> rsyslog mailing list >>>>>>>>> >>>>>>>> http://lists.adiscon.net/********mailman/listinfo/rsyslog<http://lists.adiscon.net/******mailman/listinfo/rsyslog> >>>>>>>> <http**://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.adiscon.net/****mailman/listinfo/rsyslog> >>>>>>>> > >>>>>>>> <http:**//lists.adiscon.net/****mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/**listinfo/rsyslog> >>>>>>>> <htt**p://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>>>>> > >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> <http:**//lists.adiscon.net/****mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/**listinfo/rsyslog> >>>>>>>> <htt**p://lists.adiscon.net/mailman/****listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog> >>>>>>>> > >>>>>>>> <htt**p://lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog> >>>>>>>> <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>>>>> > >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> http://www.rsyslog.com/********professional-services/<http://www.rsyslog.com/******professional-services/> >>>>>>>>> <http://**www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/> >>>>>>>>> > >>>>>>>>> >>>>>>>> <http://**www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/> >>>>>>>> <http://**www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>>>>> > >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> <http://**www.rsyslog.com/****professional-**services/<http://www.rsyslog.com/**professional-**services/> >>>>>>>> <http:**//www.rsyslog.com/**professional-**services/<http://www.rsyslog.com/professional-**services/> >>>>>>>> > >>>>>>>> >>>>>>>> <http:**//www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>>>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>>>>>> > >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> ______________________________********_________________ >>>>>>>> >>>>>>>> rsyslog mailing list >>>>>>>> >>>>>>> http://lists.adiscon.net/********mailman/listinfo/rsyslog<http://lists.adiscon.net/******mailman/listinfo/rsyslog> >>>>>>> <http**://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.adiscon.net/****mailman/listinfo/rsyslog> >>>>>>> > >>>>>>> <http:**//lists.adiscon.net/****mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/**listinfo/rsyslog> >>>>>>> <htt**p://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>>>> > >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> <http:**//lists.adiscon.net/****mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/**listinfo/rsyslog> >>>>>>> <htt**p://lists.adiscon.net/mailman/****listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog> >>>>>>> > >>>>>>> <htt**p://lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog> >>>>>>> <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>>>> > >>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>>> >>>>>>>> http://www.rsyslog.com/********professional-services/<http://www.rsyslog.com/******professional-services/> >>>>>>>> <http://**www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/> >>>>>>>> > >>>>>>>> >>>>>>> <http://**www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/> >>>>>>> <http://**www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>>>> > >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> <http://**www.rsyslog.com/****professional-**services/<http://www.rsyslog.com/**professional-**services/> >>>>>>> <http:**//www.rsyslog.com/**professional-**services/<http://www.rsyslog.com/professional-**services/> >>>>>>> > >>>>>>> <http:**//www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>>>>> > >>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>> >> _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
