What is the best way to handle invalid syslog messages in rsyslog from a remote host?
My workstation logged this message: Oct 18 11:53:48 augnix.noc.sonic.net mount.davfs: davfs2 1.4.6 The remote rsyslog server ( v5.10 ) couldn't understand something in that message and logged it as this: 2012-10-18T11:53:49.210010-07:00 64.142.18.23 invld>2012-10-18T11: 53:48.045311-07:00 augnix.noc.sonic.net mount.davfs: davfs2 1.4.6 Note, the "invld" and that I lost my hostname in the process. My real problem with this is that the messages do not get logged in the same location as the valid messages, I split my logs by hostname, and the invalid messages end up in a directory labeled with the source IP and not the hostname. Any suggestions? -- Augie Schwer - [email protected] - http://schwer.us _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
