examples

david Mon, 16 Jan 2012 13:38:02 -0800

Rainer knows this stuff far better than I do, so go with what he says.


David Lang

On Mon, 16 Jan 2012, Michael Maymann wrote:

Date: Mon, 16 Jan 2012 20:07:44 +0100
From: Michael Maymann <[email protected]>
To: [email protected]
Cc: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples

Hi,

6.2.0 doesn't have DNS cache, does it...
I would like to use stable, but would really need the DNS caching feature -
so would have to do devel (especially if this is nearly as stable - as
Rainer describes):
http://lists.adiscon.net/pipermail/rsyslog/2012-January/014244.html

Thanks in advance :-) !
~maymann

2012/1/16 <[email protected]>

I would say that 6.2.0 is probably better.

sorry I can't give you more info on this.

David Lang


On Mon, 16 Jan 2012, Michael Maymann wrote:

 If I want DNS caching, should i use the new stable-6.2.0 or the older

devel-6.3.6... ?
Can see this feature mentioned here:
http://rsyslog.com/features/
or here:
http://rsyslog.com/project-**status/ <http://rsyslog.com/project-status/>


Thanks in advance :-) !
~maymann

2012/1/14 <[email protected]>

 On Sat, 14 Jan 2012, Michael Maymann wrote:


 Hi David,


thanks for this...this is super info...:-) !
If I have to create different logs per host, will this be the a valid
configuration:
$template DynaFile_messages,?/logfiles_****on_nfs/%HOSTNAME%/messages?

*.* -?DynaFile_messages
$template DynaFile_secure,?/logfiles_on_****nfs/%HOSTNAME%/secure?
*.* -?DynaFile_secure
$template DynaFile_auth.log,?/logfiles_****on_nfs/%HOSTNAME%/auth.log?
*.* -?DynaFile_auth.log

I believe so.


 1. Will rsyslog automatically create the %HOSTNAME% dir's or do I have
to

create every hosts dir upfront... ?

it will create it for you (make sure it's running with the appropriate
permissions, if you have rsyslog configured to drop privileges, the lower
privileges need the ability to create the directories)


 2. Is DNS caching default enabled or do I have to enable this somewhere

first...?

I don't know, I haven't had a chance to look into that yet.

David Lang


 Thanks in advance :-) !

~maymann


2012/1/14 <[email protected]>

 http://rsyslog.com/article60/


David Lang

On Sat, 14 Jan 2012, Michael Maymann wrote:

 Date: Sat, 14 Jan 2012 07:23:57 +0100

 From: Michael Maymann <[email protected]>

To: rsyslog-users <[email protected]>, [email protected],
 Michael Maymann <[email protected]>

Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
howto/links/examples

Hi David,

thanks for you kind reply...:-) !
---
This didn't seem to get through to the archives for some reason...:
http://lists.adiscon.net/******pipermail/rsyslog/2012-****<http://lists.adiscon.net/****pipermail/rsyslog/2012-****>
January/thread.html<http://**lists.adiscon.net/**pipermail/**
rsyslog/2012-**January/thread.**html<http://lists.adiscon.net/**pipermail/rsyslog/2012-**January/thread.html>

<http://**lists.adiscon.net/**pipermail/**rsyslog/2012-**
January/thread.**<http://lists.adiscon.net/pipermail/**rsyslog/2012-January/thread.**>

html<http://lists.adiscon.net/**pipermail/rsyslog/2012-**
January/thread.html<http://lists.adiscon.net/pipermail/rsyslog/2012-January/thread.html>

Hope I will not dobbel-post...
---
I don't use syslog-relays, so this will not cause me any problems.
Don't actually know what version we are running - can see this Monday
morning though... Thanks for this hint... will upgrade to 6.2 if not
already then.
I have to configure this into a already running live production
system -
our previous syslog-admin left...:-(.
Could I perhaps ask you to be so kind as to give an configuration
example
of how this is done, if I ask really nicely... :-) ?

Thanks in advance :-) !
~maymann

2012/1/13 <[email protected]>

 you need to be aware that doing the DNS queries is rather expensive

 (although I think I saw a comment that in the very latest 6.2 version

there
may now be a DNS cache that will drastically help)

you would need to create a template with FROMHOST in it and use that
as
the filename to write to (look for dynafile in the documentation)

note that if you are relaying logs from one machine to another, only
the
first machine will see the true source in FROMHOST, machines after
that
will only see the relay box.

let me know if this doesn't give you enough clues to learn how to do
this.

David Lang

 On Fri, 13 Jan 2012, Michael Maymann wrote:

 Date: Fri, 13 Jan 2012 14:43:06 +0100

 From: Michael Maymann <[email protected]>

Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
howto/links/examples

Furthermore: would it be possible to validate FQDN from DNS and not
from
syslog-info hostname.
We are getting a lot of weird logfiles as some applications are not
including the hostname as the first parameter in the syslog-entries,
e.g.:
Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10
[issue_cmd           ] STATUS: 1#012#01212/16/11 09:47:10
[issue_cmd           ] RESULT:#012#01212/16/11 09:47:10
[issue_cmd           ] #012#01212/16/11 09:47:10
[set_host_compat_list]
#012#01212/16/11 09:47:10 [issue_cli_cmd       ] command is
'/opt/vmware/aam/bin/ftcli -domain vmware -cmd "SetUserData
HostCompatList
text /tmp/hostCompatList"'#012#********01212/16/11 09:47:40

Would be nice to validate FQDN from sender DNS query...

Thanks in advance :-) !
~maymann

2012/1/13 Michael Maymann <[email protected]>

 Hi List,

 I'm new to rsyslog/syslog in general.


I would like to syslog from all my 100+ network devices.
Preferably I would like a FQDN.log file for each host (or a
FQDN-dir
containing logs from this host if more logfiles per host are best
practice)...

Can anyone give me an example of (or link to) best practice of this
kind
of setup.


Thanks in advance :-) !

~maymann

 ______________________________********_________________

 rsyslog mailing list

http://lists.adiscon.net/********mailman/listinfo/rsyslog<http://lists.adiscon.net/******mailman/listinfo/rsyslog>
<http**://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.adiscon.net/****mailman/listinfo/rsyslog>

<http:**//lists.adiscon.net/****mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/**listinfo/rsyslog>
<htt**p://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog>


 
<http:**//lists.adiscon.net/****mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/**listinfo/rsyslog>

<htt**p://lists.adiscon.net/mailman/****listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog>

<htt**p://lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog>
<htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>

 
http://www.rsyslog.com/********professional-services/<http://www.rsyslog.com/******professional-services/>
<http://**www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/>

<http://**www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/>
<http://**www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/>


 
<http://**www.rsyslog.com/****professional-**services/<http://www.rsyslog.com/**professional-**services/>

<http:**//www.rsyslog.com/**professional-**services/<http://www.rsyslog.com/professional-**services/>

 
<http:**//www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/>
<http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/>


  ______________________________********_________________


 rsyslog mailing list

http://lists.adiscon.net/********mailman/listinfo/rsyslog<http://lists.adiscon.net/******mailman/listinfo/rsyslog>
<http**://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.adiscon.net/****mailman/listinfo/rsyslog>

<http:**//lists.adiscon.net/****mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/**listinfo/rsyslog>
<htt**p://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog>


 
<http:**//lists.adiscon.net/****mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/**listinfo/rsyslog>

<htt**p://lists.adiscon.net/mailman/****listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog>

<htt**p://lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog>
<htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>

 
http://www.rsyslog.com/********professional-services/<http://www.rsyslog.com/******professional-services/>
<http://**www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/>

<http://**www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/>
<http://**www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/>


 
<http://**www.rsyslog.com/****professional-**services/<http://www.rsyslog.com/**professional-**services/>

<http:**//www.rsyslog.com/**professional-**services/<http://www.rsyslog.com/professional-**services/>

<http:**//www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/>
<http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/>

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/

Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples

Reply via email to