Re: [rsyslog] Forward messages from rsyslog server to JSON elasticSeach connector

On Mon, 19 Feb 2018, sophie.loewenthal--- via rsyslog wrote: Thank you Deoren for your thoughts. I've seen some junk hostnames already appear in the logging directory. Thanks for your explanation. I can create an IP to Hostname table like IP:HOSTNAME pairs, but unsure how rsyslog could use

Re: [rsyslog] Rsyslog: how do I override the hostname when forwarding log messages?

Templates are how you format output (including forwarding), how messy this is depends on what you are doing. You could have all your stuff send to 514UDP on localhost, and then have a filter that looks for any messages with a fromhost-ip of 127.0.0.1 and output them with a template that has a

Re: [rsyslog] central syslog and cisco device hostnames

the first thing to do when you aren't getting what you expect is to log the messages with the template RSYSLOG_DebugFormat so you can see what you have to work with Please post a log message in this format so we can see what you have to work with. It's very possible that the Cisco is not

Re: [rsyslog] action.execOnlyWhenPreviousIsSuspended not working as expected

On Sun, 11 Feb 2018, Nicholas von Waltsleben wrote: The only question I then have is why does it log that the action has been suspended, if enqueuing the message was the action? enqueuing the message is what happens just before the "previous is suspended" check is made. At a later time,

Re: [rsyslog] Forward messages from rsyslog server to JSON elasticSeach connector

On 2/19/2018 10:17 AM, sophie.loewenthal--- via rsyslog wrote: Thank you Deoren for your thoughts. Welcome. Hopefully others will chime in with more details. I've seen some junk hostnames already appear in the logging directory. Thanks for your explanation. I can create an IP to Hostname

Re: [rsyslog] Forward messages from rsyslog server to JSON elasticSeach connector

Thank you Deoren for your thoughts. I've seen some junk hostnames already appear in the logging directory. Thanks for your explanation. I can create an IP to Hostname table like IP:HOSTNAME pairs, but unsure how rsyslog could use this to lookup the incoming IP address. Is there a feature

Re: [rsyslog] Rsyslog: how do I override the hostname when forwarding log messages?

On 2/19/2018 9:26 AM, deoren wrote: On 2/19/2018 8:52 AM, Graham Leggett via rsyslog wrote: Hi all, I have a number of java services that include support for logging to syslog, but unfortunately they can only log by sending udp packets to port 514. This is not in itself a problem, however

Re: [rsyslog] Forward messages from rsyslog server to JSON elasticSeach connector

On 2/19/2018 9:29 AM, sophie.loewenthal--- via rsyslog wrote: Hi, Does this configuration look ok begore I let this configuration rip in production? A server running rsyslog 8.7.4 on Solaris 11 that receives TCP and UDP messages from a mixture of syslog and rsyslog clients . Each client

[rsyslog] Forward messages from rsyslog server to JSON elasticSeach connector

Hi, Does this configuration look ok begore I let this configuration rip in production? A server running rsyslog 8.7.4 on Solaris 11 that receives TCP and UDP messages from a mixture of syslog and rsyslog clients . Each client has a %HOST.log created on the server file system. The rsyslog

Re: [rsyslog] central syslog and cisco device hostnames

On 2/16/2018 3:56 PM, John Ratliff wrote: When my rsyslog server receives packets from our cisco switches, instead of logging it with the hostname, it logs it with the IP address. How can I get rsyslog to use the hostname instead? See the "how do I override the hostname when forwarding log

Re: [rsyslog] Rsyslog: how do I override the hostname when forwarding log messages?

On 2/19/2018 8:52 AM, Graham Leggett via rsyslog wrote: Hi all, I have a number of java services that include support for logging to syslog, but unfortunately they can only log by sending udp packets to port 514. This is not in itself a problem, however these services have no stable

[rsyslog] Rsyslog: how do I override the hostname when forwarding log messages?

Hi all, I have a number of java services that include support for logging to syslog, but unfortunately they can only log by sending udp packets to port 514. This is not in itself a problem, however these services have no stable predictable behaviour when it comes to hostname handling, and so

Re: [rsyslog] central syslog and cisco device hostnames

You want to use something other than %HOSTNAME%, see the list of properties available at . You might also want to set the hostname on the Cisco switch, search for cisco ios set hostname with your favourite search engine.