Hello All,

I wanted to see if anyone had run into this issue. I am currently
logging information from some switches, and I have those switches
locally listed in my /etc/hosts file with a specific suffix like:

 10.0.0.5            switch1.ldblzr

and I am filtering with a rule like this:

:fromhost, contains, "ldblzr" {
    action(type="omfile"
           name="load"
           File="/var/log/swtichlog")
    stop
}

The issue that I am running into is that when the logs go to the
"switchlog", the way that they are being written is:

2014-05-02T09:19:14.004379-04:00 switch.ldbzr 98563: May  2
09:19:13.005 EDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP
req from host 10.0.0.3

I would like them to be written as:

2014-05-02T09:19:14.004379-04:00 (IP ADDRESS INSTEAD OF HOSTNAME)
98563: May  2 09:19:13.005 EDT: %SNMP-3-AUTHFAIL: Authentication
failure for SNMP req from host 10.0.0.3

I am wondering if this is a template issue or an output module
parameter issue, or just misconfiguration on my part?

Any input will be appreciated.

Thanks in advance


Robert
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
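
Added example, not part of the post above and not taken from the rsyslog project: one way to write the sender's IP address instead of the hostname is a custom template that uses rsyslog's `fromhost-ip` property, attached to the same omfile action. The template name `SwitchByIP` is made up for this example, the filter, action name and file path are copied from the post, and the field layout assumes the current lines come from rsyslog's default file format.

```rsyslog
# Added example. The template name "SwitchByIP" is hypothetical.
# Field order matches the line shown in the post; only the hostname
# field is swapped for the address the message was received from.
template(name="SwitchByIP" type="string"
         string="%timereported:::date-rfc3339% %fromhost-ip% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")

# Filter, action name and file path as given in the post.
:fromhost, contains, "ldblzr" {
    action(type="omfile"
           name="load"
           file="/var/log/swtichlog"
           template="SwitchByIP")
    stop
}
```

`fromhost-ip` is the address of the system the message was received from, so behind a relay it shows the relay rather than the originating switch.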