Please... Anyone?

On Feb 2, 2012 2:17 PM, "Michael Maymann" <mich...@maymann.org> wrote:
> Hi,
>
> got it started... but still ??? dir+logfiles are showing up...
> This is now my rsyslog.conf:
> #SET PRIVILEGES
> $PreserveFQDN on
> $PrivDropToGroup <GROUP>
> $PrivDropToUser <USER>
> $DirCreateMode 0750
> $FileCreateMode 0640
> $UMASK 0027
>
> #LOAD MODULES
> $ModLoad imudp
> $UDPServerRun 514
> $UDPServerAddress 127.0.0.1
> $ModLoad imtcp
> $InputTCPServerRun 514
>
> #SET DESTINATION FOR LOGS
> $template DYNmessages,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
> $template DYNsecure,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
> $template DYNmaillog,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
> $template DYNcron,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
> $template DYNspooler,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
> $template DYNboot,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
> $template DYNtraps,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>
> $template DYNIPmessages,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_messages"
> $template DYNIPsecure,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_secure"
> $template DYNIPmaillog,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_maillog"
> $template DYNIPcron,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_cron"
> $template DYNIPspooler,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_spooler"
> $template DYNIPboot,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_boot.log"
> $template DYNIPtraps,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_traps"
>
> #SET LOGGING CONDITIONS
> if $syslogseverity <= '6' and $fromhost != '???' then ?DYNmessages
> if $syslogfacility-text == 'authpriv' and $fromhost != '???' then ?DYNsecure
> if $syslogfacility-text == 'mail' and $fromhost != '???' then ?DYNmaillog
> if $syslogfacility-text == 'cron' and $fromhost != '???' then ?DYNcron
> if $syslogseverity-text == 'crit' and $fromhost != '???' then ?DYNspooler
> if $syslogfacility-text == 'local7' and $fromhost != '???' then ?DYNboot
> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and $fromhost != '???' then ?DYNtraps
>
> if $syslogseverity <= '6' and $fromhost == '???' then ?DYNIPmessages
> if $syslogfacility-text == 'authpriv' and $fromhost == '???' then ?DYNIPsecure
> if $syslogfacility-text == 'mail' and $fromhost == '???' then ?DYNIPmaillog
> if $syslogfacility-text == 'cron' and $fromhost == '???' then ?DYNIPcron
> if $syslogseverity-text == 'crit' and $fromhost == '???' then ?DYNIPspooler
> if $syslogfacility-text == 'local7' and $fromhost == '???' then ?DYNIPboot
> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and $fromhost == '???' then ?DYNIPtraps
>
> I have tried with $fromhost, $fromhost-ip and $hostname - but all creates ??? dir+files...
> What variable should I use to handle this properly ?
>
> Thanks in advance :-) !
> ~maymann
>
> 2012/2/2 Michael Maymann <mich...@maymann.org>
>
>> Hi,
>>
>> David: thanks for your reply...
>> Here is my new rsyslog.conf:
>> #SET PRIVILEGES
>> $PreserveFQDN on
>> $PrivDropToGroup <GROUP>
>> $PrivDropToUser <USER>
>> $DirCreateMode 0750
>> $FileCreateMode 0640
>> $UMASK 0027
>>
>> #LOAD MODULES
>> $ModLoad imudp
>> $UDPServerRun 514
>> $UDPServerAddress 127.0.0.1
>> $ModLoad imtcp
>> $InputTCPServerRun 514
>>
>> #SET DESTINATION FOR LOGS
>> $template DYNmessages,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
>> $template DYNsecure,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
>> $template DYNmaillog,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
>> $template DYNcron,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
>> $template DYNspooler,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
>> $template DYNboot,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
>> $template DYNtraps,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>>
>> $template DYNIPmessages,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_messages"
>> $template DYNIPsecure,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_secure"
>> $template DYNIPmaillog,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_maillog"
>> $template DYNIPcron,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_cron"
>> $template DYNIPspooler,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_spooler"
>> $template DYNIPboot,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_boot.log"
>> $template DYNIPtraps,"PATH_TO/%FROMHOST-IP%/%FROMHOST-IP%_%$YEAR%.%$MONTH%_traps"
>>
>> #SET LOGGING CONDITIONS
>> if $syslogseverity <= '6' and %FROMHOST% != '???' then ?DYNmessages
>> if $syslogfacility-text == 'authpriv' and %FROMHOST% != '???' then ?DYNsecure
>> if $syslogfacility-text == 'mail' and %FROMHOST% != '???' then ?DYNmaillog
>> if $syslogfacility-text == 'cron' and %FROMHOST% != '???' then ?DYNcron
>> if $syslogseverity-text == 'crit' and %FROMHOST% != '???' then ?DYNspooler
>> if $syslogfacility-text == 'local7' and %FROMHOST% != '???' then ?DYNboot
>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and %FROMHOST% != '???' then ?DYNtraps
>>
>> if $syslogseverity <= '6' and %FROMHOST% == '???' then ?DYNIPmessages
>> if $syslogfacility-text == 'authpriv' and %FROMHOST% == '???' then ?DYNIPsecure
>> if $syslogfacility-text == 'mail' and %FROMHOST% == '???' then ?DYNIPmaillog
>> if $syslogfacility-text == 'cron' and %FROMHOST% == '???' then ?DYNIPcron
>> if $syslogseverity-text == 'crit' and %FROMHOST% == '???' then ?DYNIPspooler
>> if $syslogfacility-text == 'local7' and %FROMHOST% == '???' then ?DYNIPboot
>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' and %FROMHOST% == '???' then ?DYNIPtraps
>>
>> but it fails...:
>> # service rsyslog start
>> Starting system logger: rsyslogd: run failed with error -2207 (see rsyslog.h or try http://www.rsyslog.com/e/2207 to learn what that number means)
>> [ OK ]
>>
>> my guess is it is my %FROMHOST% == '???' - is this format correct or how is this done...
>>
>> Thanks in advance :-) !
>> ~maymann
>>
>> 2012/2/1 <da...@lang.hm>
>>
>> On Wed, 1 Feb 2012, Michael Maymann wrote:
>>>
>>> Hi,
>>>>
>>>> I want to log information about hosts that are not logging with correct HOSTNAME.
>>>> In my current setup, I get a dir "???" where these host(s) are logging to...
>>>>
>>>> I would like to change this to the hosts IP instead, something like:
>>>> if %FROMHOST% == '???' then %FROMHOST% == %IP
>>>>
>>>
>>> rsyslog cannot do what you are asking. It can't assign a value to a property.
>>>
>>> what you can do is to setup a different template and then if %fromhost% is your special pattern you can log with this different template.
>>>
>>> David Lang
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
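
Added example (not part of the thread, and not rsyslog project code): the earlier config quoted above, which failed with error -2207, wrote %FROMHOST% inside its if conditions, while the later config that started writes $fromhost there and keeps %...% only in templates. This Python lint flags %property% tokens inside if conditions, rejoining mail-wrapped lines first; the sample input and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the configs quoted in the thread;
# the last two lines imitate a mail-wrapped, ">"-quoted condition.
SAMPLE = """\
$template DYNmessages,"PATH_TO/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
if $syslogseverity <= '6' and %FROMHOST% != '???' then ?DYNmessages
if $syslogfacility-text == 'mail' and $fromhost == '???' then ?DYNIPmaillog
> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING'
> and %FROMHOST% == '???' then ?DYNIPtraps
"""

QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")             # mail quoting: "> ", ">> "
STRING_LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")    # ignore text inside quotes
PERCENT_PROP = re.compile(r"%\$?[A-Za-z][A-Za-z0-9-]*%")


def logical_statements(text):
    """Yield (first_line_no, statement) for each `if ... then <action>`,
    joining lines that a mail client wrapped."""
    start, parts = None, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = QUOTE_PREFIX.sub("", raw).strip()
        if line.startswith("if "):
            start, parts = no, []          # a new condition begins here
        if start is None or not line:
            continue                       # not inside a condition
        parts.append(line)
        stmt = " ".join(parts)
        if re.search(r"\bthen\s+\S", stmt):  # action present: statement complete
            yield start, stmt
            start = None


def percent_props_in_conditions(text):
    """Return [(line_no, [tokens])] for %prop% tokens in if-conditions."""
    findings = []
    for no, stmt in logical_statements(text):
        condition = re.split(r"\bthen\b", stmt, maxsplit=1)[0]
        tokens = PERCENT_PROP.findall(STRING_LITERAL.sub("''", condition))
        if tokens:
            findings.append((no, tokens))
    return findings


if __name__ == "__main__":
    for line_no, tokens in percent_props_in_conditions(SAMPLE):
        print(f"line {line_no}: template-style property in condition: {tokens}")
```

Template definitions are skipped on purpose, since %FROMHOST% is the expected form there.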