On Tue, 17 Jun 2014, Craig Smith wrote:
The syslog messages that are coming from an APC UPS are in the format:Jun 16 03:07:58 192.168.69.120 APC: Test Syslog. Even with a proper DNS setup I can’t get the IP address converted to a host name: For example: Jun 16 03:07:58 nashnh.south10.apc.01 APC: Test Syslog. I’d like to create a rule based on the from IP address that changes the IP to a specified hostname, as all the other entries have the host name and not the IP.
The default templates use the HOSTNAME property, by definition this is set by the sending machine, if it puts a hostname there you have a hostname, if it puts a IP address there you get a IP address. Rsyslog never changes this field (there are some heuristics that will populate this if it's not set by the sending system.
Try logging the messages with the RSYSLOG_DebugFormat template so that you can see all the properties that are set.
I suspect that what you are looking for would be the FROMHOST property. This is the reverse DNS lookup of the system that send the logs to this rsyslog server so if it goes through a relay, this is the relay server, not the system that generated the message)
David Lang
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
