On Fri, Aug 15, 2014 at 5:13 PM, Mike Hoskins (michoski) <[email protected] > wrote:
> I thought %FROMHOST% caused a DNS lookup on rsyslog's side, while
> %HOSTNAME% just used the hostname sent in the message...others will
> correct if my memory is bad.

That's right, but I think we fall back to a dns lookup if there is no detectable hostname in the message (not 100% sure, though).

> So if %HOSTNAME% is not right, it must be
> something on the client side.

can very well be, but sounded more like DNS resolution.

> I think you just use %rawmsg% to get the raw message. :-)
>
> http://www.rsyslog.com/doc/property_replacer.html

yup

or use

*.* /var/log/messagedebug;RSYSLOG_DebugFormat

which will write out all properties.

Rainer

> -----Original Message-----
> From: Ivan Lezhnjov IV <[email protected]>
> Reply-To: rsyslog-users <[email protected]>
> Date: Friday, August 15, 2014 at 11:07 AM
> To: rsyslog-users <[email protected]>
> Subject: Re: [rsyslog] Template expands to IP address instead of a host
> name
>
> >Suppose it is true. What fails to perform the DNS resolution then?
> >rsyslog? How does it do it?
> >
> >Unfortunately, I do not know what the "rawmessage" is, nor how to look it
> >up. I'd be happy to provide more information if somebody explained how to
> >gather it.
> >
> >Ivan
> >
> >On Aug 15, 2014, at 5:49 PM, Rainer Gerhards <[email protected]>
> >wrote:
> >
> >> Could this be a problem with DNS resolution during that timeframe? How do
> >> the messages themselves look like (rawmessage, pls)?
> >>
> >>
> >> On Fri, Aug 15, 2014 at 2:16 PM, Ivan Lezhnjov IV <
> >> [email protected]> wrote:
> >>
> >>> A small correction.
> >>>
> >>> The fourth v5 client was affected too:
> >>>
> >>> |-- r
> >>> |   `-- 2014
> >>> |       `-- 08
> >>> |           `-- 14
> >>> |               `-- syslog.log
> >>>
> >>> It happened at 18:50 like with the rest of hosts, but instead of an IP
> >>> address or proper host name %HOSTNAME% was expanded to just "r" for this
> >>> client.
> >>>
> >>> Ivan
> >>> _______________________________________________
> >>> rsyslog mailing list
> >>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> http://www.rsyslog.com/professional-services/
> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >>> DON'T LIKE THAT.
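
Added example (not part of the thread and not rsyslog's own code): a check over raw messages, as %rawmsg% would show them, that reports what the sender actually put in the HOSTNAME field of a classic RFC 3164 header and flags anything that is not a known host name. The function names, the `known_hosts` set and the sample lines are constructed for illustration; rsyslog's own parser may treat edge cases differently.

```python
import ipaddress
import re

# Classic RFC 3164 header: <PRI>Mmm dd hh:mm:ss followed by HOSTNAME TAG: MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)
# A TAG token looks like "prog:" or "prog[123]:"
TAG = re.compile(r"^[^\s\[\]:]+(\[\d+\])?:$")


def classify_hostname(rawmsg):
    """Return (kind, value); kind is 'name', 'ip' or 'missing'."""
    m = HEADER.match(rawmsg)
    if not m:
        return ("missing", None)
    first = m.group("rest").split(" ", 2)[0]
    # If the token right after the timestamp is already a TAG,
    # the sender left the HOSTNAME field out.
    if not first or TAG.match(first):
        return ("missing", None)
    try:
        ipaddress.ip_address(first)
        return ("ip", first)
    except ValueError:
        return ("name", first)


def audit(rawmsgs, known_hosts):
    """List (kind, value, rawmsg) for messages whose HOSTNAME is not a known name."""
    findings = []
    for raw in rawmsgs:
        kind, value = classify_hostname(raw)
        if kind != "name" or value not in known_hosts:
            findings.append((kind, value, raw))
    return findings


# Constructed sample messages, not taken from the thread.
SAMPLE = [
    "<13>Aug 14 18:49:58 web01 sshd[812]: Accepted publickey for deploy",
    "<13>Aug 14 18:50:02 192.0.2.17 sshd[812]: Accepted publickey for deploy",
    "<13>Aug 14 18:50:03 cron[991]: job started",
    "<13>Aug 14 18:50:04 r cron[991]: job started",
]

if __name__ == "__main__":
    for kind, value, raw in audit(SAMPLE, known_hosts={"web01"}):
        print(kind, value, "|", raw)
```

Running it over lines captured with %rawmsg% separates a client that sent an IP address or no host name from a name that was changed on the receiving side.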

