Hi Rainer, do I have to enable DNS cache somewhere, or is this feature on by default ?
Thanks in advance :-) ! ~maymann 2012/1/16 Rainer Gerhards <[email protected]> > The cache is available since 6.3.1, so you need to go for the devel > version. > A good place to check those things is the ChangeLog itself, here is the > current one: > > > http://git.adiscon.com/?p=rsyslog.git;a=blob;f=ChangeLog;h=b42a8004ed8575d085 > a0fcf48f71339154813971<http://git.adiscon.com/?p=rsyslog.git;a=blob;f=ChangeLog;h=b42a8004ed8575d085%0Aa0fcf48f71339154813971> > ;hb=HEAD > > Note that v6-devel is almost as stable as v6-stable except for the config > read phase at startup. > > HTH > Rainer > > > -----Original Message----- > > From: [email protected] [mailto:rsyslog- > > [email protected]] On Behalf Of Michael Maymann > > Sent: Monday, January 16, 2012 8:57 AM > > To: [email protected] > > Cc: rsyslog-users > > Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir > > howto/links/examples > > > > If I want DNS caching, should i use the new stable-6.2.0 or the older > > devel-6.3.6... ? > > Can see this feature mentioned here: > > http://rsyslog.com/features/ > > or here: > > http://rsyslog.com/project-status/ > > > > > > Thanks in advance :-) ! > > ~maymann > > > > 2012/1/14 <[email protected]> > > > > > On Sat, 14 Jan 2012, Michael Maymann wrote: > > > > > > Hi David, > > >> > > >> thanks for this...this is super info...:-) ! > > >> If I have to create different logs per host, will this be the a > > valid > > >> configuration: > > >> $template DynaFile_messages,?/logfiles_**on_nfs/%HOSTNAME%/messages? > > >> *.* -?DynaFile_messages > > >> $template DynaFile_secure,?/logfiles_on_**nfs/%HOSTNAME%/secure? > > >> *.* -?DynaFile_secure > > >> $template DynaFile_auth.log,?/logfiles_**on_nfs/%HOSTNAME%/auth.log? > > >> *.* -?DynaFile_auth.log > > >> > > > > > > I believe so. > > > > > > > > > 1. Will rsyslog automatically create the %HOSTNAME% dir's or do I > > have to > > >> create every hosts dir upfront... ? > > >> > > > > > > it will create it for you (make sure it's running with the > > appropriate > > > permissions, if you have rsyslog configured to drop privileges, the > > lower > > > privileges need the ability to create the directories) > > > > > > > > > 2. Is DNS caching default enabled or do I have to enable this > > somewhere > > >> first...? > > >> > > > > > > I don't know, I haven't had a chance to look into that yet. > > > > > > David Lang > > > > > > > > >> Thanks in advance :-) ! > > >> ~maymann > > >> > > >> > > >> 2012/1/14 <[email protected]> > > >> > > >> http://rsyslog.com/article60/ > > >>> > > >>> David Lang > > >>> > > >>> On Sat, 14 Jan 2012, Michael Maymann wrote: > > >>> > > >>> Date: Sat, 14 Jan 2012 07:23:57 +0100 > > >>> > > >>>> From: Michael Maymann <[email protected]> > > >>>> To: rsyslog-users <[email protected]>, [email protected], > > >>>> Michael Maymann <[email protected]> > > >>>> > > >>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir > > >>>> howto/links/examples > > >>>> > > >>>> Hi David, > > >>>> > > >>>> thanks for you kind reply...:-) ! > > >>>> --- > > >>>> This didn't seem to get through to the archives for some > > reason...: > > >>>> http://lists.adiscon.net/****pipermail/rsyslog/2012-**** > > >>>> > > January/thread.html<http://lists.adiscon.net/**pipermail/rsyslog/2012- > > **January/thread.html> > > >>>> <http://**lists.adiscon.net/pipermail/**rsyslog/2012- > > January/thread.** > > >>>> html<http://lists.adiscon.net/pipermail/rsyslog/2012- > > January/thread.html> > > >>>> > > > >>>> > > >>>> Hope I will not dobbel-post... > > >>>> --- > > >>>> I don't use syslog-relays, so this will not cause me any problems. > > >>>> Don't actually know what version we are running - can see this > > Monday > > >>>> morning though... Thanks for this hint... will upgrade to 6.2 if > > not > > >>>> already then. > > >>>> I have to configure this into a already running live production > > system - > > >>>> our previous syslog-admin left...:-(. > > >>>> Could I perhaps ask you to be so kind as to give an configuration > > >>>> example > > >>>> of how this is done, if I ask really nicely... :-) ? > > >>>> > > >>>> Thanks in advance :-) ! > > >>>> ~maymann > > >>>> > > >>>> 2012/1/13 <[email protected]> > > >>>> > > >>>> you need to be aware that doing the DNS queries is rather > > expensive > > >>>> > > >>>>> (although I think I saw a comment that in the very latest 6.2 > > version > > >>>>> there > > >>>>> may now be a DNS cache that will drastically help) > > >>>>> > > >>>>> you would need to create a template with FROMHOST in it and use > > that as > > >>>>> the filename to write to (look for dynafile in the documentation) > > >>>>> > > >>>>> note that if you are relaying logs from one machine to another, > > only > > >>>>> the > > >>>>> first machine will see the true source in FROMHOST, machines > > after that > > >>>>> will only see the relay box. > > >>>>> > > >>>>> let me know if this doesn't give you enough clues to learn how to > > do > > >>>>> this. > > >>>>> > > >>>>> David Lang > > >>>>> > > >>>>> On Fri, 13 Jan 2012, Michael Maymann wrote: > > >>>>> > > >>>>> Date: Fri, 13 Jan 2012 14:43:06 +0100 > > >>>>> > > >>>>> From: Michael Maymann <[email protected]> > > >>>>>> Reply-To: rsyslog-users <[email protected]> > > >>>>>> To: [email protected] > > >>>>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir > > >>>>>> howto/links/examples > > >>>>>> > > >>>>>> > > >>>>>> Furthermore: would it be possible to validate FQDN from DNS and > > not > > >>>>>> from > > >>>>>> syslog-info hostname. > > >>>>>> We are getting a lot of weird logfiles as some applications are > > not > > >>>>>> including the hostname as the first parameter in the syslog- > > entries, > > >>>>>> e.g.: > > >>>>>> Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10 > > >>>>>> [issue_cmd ] STATUS: 1#012#01212/16/11 09:47:10 > > >>>>>> [issue_cmd ] RESULT:#012#01212/16/11 09:47:10 > > >>>>>> [issue_cmd ] #012#01212/16/11 09:47:10 > > >>>>>> [set_host_compat_list] > > >>>>>> #012#01212/16/11 09:47:10 [issue_cli_cmd ] command is > > >>>>>> '/opt/vmware/aam/bin/ftcli -domain vmware -cmd "SetUserData > > >>>>>> HostCompatList > > >>>>>> text /tmp/hostCompatList"'#012#******01212/16/11 09:47:40 > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> Would be nice to validate FQDN from sender DNS query... > > >>>>>> > > >>>>>> Thanks in advance :-) ! > > >>>>>> ~maymann > > >>>>>> > > >>>>>> > > >>>>>> 2012/1/13 Michael Maymann <[email protected]> > > >>>>>> > > >>>>>> Hi List, > > >>>>>> > > >>>>>> > > >>>>>>> I'm new to rsyslog/syslog in general. > > >>>>>>> > > >>>>>>> I would like to syslog from all my 100+ network devices. > > >>>>>>> Preferably I would like a FQDN.log file for each host (or a > > FQDN-dir > > >>>>>>> containing logs from this host if more logfiles per host are > > best > > >>>>>>> practice)... > > >>>>>>> > > >>>>>>> Can anyone give me an example of (or link to) best practice of > > this > > >>>>>>> kind > > >>>>>>> of setup. > > >>>>>>> > > >>>>>>> > > >>>>>>> Thanks in advance :-) ! > > >>>>>>> > > >>>>>>> ~maymann > > >>>>>>> > > >>>>>>> ______________________________******_________________ > > >>>>>>> > > >>>>>>> rsyslog mailing list > > >>>>>> > > http://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.ad > > iscon.net/****mailman/listinfo/rsyslog> > > >>>>>> > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.a > > discon.net/**mailman/listinfo/rsyslog> > > >>>>>> > > > >>>>>> > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.a > > discon.net/mailman/**listinfo/rsyslog> > > >>>>>> > > <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adi > > scon.net/mailman/listinfo/rsyslog> > > >>>>>> > > > >>>>>> > > >>>>>>> > > >>>>>>> http://www.rsyslog.com/******professional- > > services/<http://www.rsyslog.com/****professional-services/> > > >>>>>> <http://**www.rsyslog.com/****professional- > > services/<http://www.rsyslog.com/**professional-services/> > > >>>>>> > > > >>>>>> <http://**www.rsyslog.com/**professional- > > **services/<http://www.rsyslog.com/professional-**services/> > > >>>>>> <http:**//www.rsyslog.com/**professional- > > services/<http://www.rsyslog.com/professional-services/> > > >>>>>> > > > >>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>> ______________________________******_________________ > > >>>>>> > > >>>>>> rsyslog mailing list > > >>>>> > > http://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.ad > > iscon.net/****mailman/listinfo/rsyslog> > > >>>>> > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.a > > discon.net/**mailman/listinfo/rsyslog> > > >>>>> > > > >>>>> > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.a > > discon.net/mailman/**listinfo/rsyslog> > > >>>>> > > <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adi > > scon.net/mailman/listinfo/rsyslog> > > >>>>> > > > >>>>> > > >>>>>> > > >>>>>> http://www.rsyslog.com/******professional- > > services/<http://www.rsyslog.com/****professional-services/> > > >>>>> <http://**www.rsyslog.com/****professional- > > services/<http://www.rsyslog.com/**professional-services/> > > >>>>> > > > >>>>> <http://**www.rsyslog.com/**professional- > > **services/<http://www.rsyslog.com/professional-**services/> > > >>>>> <http:**//www.rsyslog.com/**professional- > > services/<http://www.rsyslog.com/professional-services/> > > >>>>> > > > >>>>> > > >>>>>> > > >>>>>> > > >>>>> > > >>>>> > > >>>> > > >> > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
