I guess the switch emits malformed format. Use the RSYSLOG_DebugFormat template for this action and post a sample from it. Note that each message will be output on multiple lines, with all the properties as rsyslog sees them. rawmsg is the most interesting one. Be sure to include all properties (messages are sperated by a blank line with this template).
Rainer On Fri, May 2, 2014 at 5:04 PM, robert s <[email protected]> wrote: > Hello All, > > I wanted to see if anyone had run into this issue, I am currently > logging information from some switches, and I have those switches > locally listed on my /etc/hosts file with a specific suffix like: > > 10.0.0.5 switch1.ldblzr > > and I am filtering with a rule like this: > > :fromhost, contains, "ldblzr" { > action (type="omfile" > name="load" > File="/var/log/swtichlog" > ) > stop > } > > The issue that I am running into is that when the logs go to the > "switchlog". The way that they are being written is: > > 2014-05-02T09:19:14.004379-04:00 switch.ldbzr 98563: May 2 > 09:19:13.005 EDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP > req from host 10.0.0.3 > > I would like them to be written as: > > 2014-05-02T09:19:14.004379-04:00 (IP ADDRESS INSTEAD OF HOSTNAME) > 98563: May 2 09:19:13.005 EDT: %SNMP-3-AUTHFAIL: Authentication > failure for SNMP req from host 10.0.0.3 > > I am wondering if this is a template issue or an output module > parameter issue, or just misconfiguration on my part? > > Any input will be appreciated > > Thanks in advance > > > Robert > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
