hostname is what is in the message (unless it's malformed)

fromhost-ip is the IP that the box received the message from (if the message is relayed from some other host, this is the last relay in the chain)

fromhost is the result of a name lookup on the receiving machine of fromhost-ip (it could include DNS, or DNS lookups can be disabled in rsyslog and only do a /etc/hosts lookup)

If you can show the rawmsg portion of the debug log (or at least the beginning of it), I can see if the sender is sending a properly formatted message or if it's malformed.

If the sender is sending a properly formed message, hostname will be what the sender put in the message, period.

David Lang

On Fri, 29 Jul 2022, Singh, Radesh wrote:

Date: Fri, 29 Jul 2022 18:37:13 +0000
From: "Singh, Radesh" <radesh_si...@csx.com>
To: David Lang <da...@lang.hm>
Cc: rsyslog-users <rsyslog@lists.adiscon.com>
Subject: Re: [rsyslog] [E] Re:  How to view messages


David,

I was able to see more of the messages using the DebugFormat, so thank you so 
much for that information.

Riddle me this…

I see that HOSTNAME on a particular message is not the hostname as would be 
reported if I did a reverse DNS lookup, but instead is the IP address of the 
host.

Why isn’t rsyslog printing the hostname instead of IP?

Just taking a portion of a message:

FROMHOST: '10.84.180.239', fromhost-ip: '10.84.180.239', HOSTNAME: '10.84.180.239', PRI: 189,
syslogtag 'date=2022-07-29', programname: 'date=2022-07-29', APP-NAME: 'date=2022-07-29', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Jul 29 13:30:40',

If I do a dig -x against the IP listed in FROMHOST/FROMHOST-IP, I get a name… 
why isn’t that name being printed in the message?

BTW, I’m running this version of rsyslog:
rsyslog-8.24.0-16.el7_5.4.x86_64

Thanks,

Shawn Singh
Systems Architect II | Cloud Platform Services | CSX Technology
904-633-5745

“Ah… It seems I’ve offended two people at once, how fortuitous.” – Wednesday 
Addams

From: David Lang <da...@lang.hm>
Date: Thursday, July 28, 2022 at 6:03 PM
To: Singh, Radesh <radesh_si...@csx.com>
Cc: rsyslog-users <rsyslog@lists.adiscon.com>
Subject: Re: [rsyslog] [E] Re: How to view messages


you want the RSYSLOG_DebugFormat for this.

properties are things generated/parsed by rsyslog, not part of the raw message
that was received.

David Lang

On Thu, 28 Jul 2022, Singh, Radesh wrote:

> Date: Thu, 28 Jul 2022 21:04:55 +0000
> From: "Singh, Radesh" <radesh_si...@csx.com>
> To: rsyslog-users <rsyslog@lists.adiscon.com>, David Lang <da...@lang.hm>
> Subject: Re: [rsyslog] [E] Re:  How to view messages
>
> I’m trying to see what the value of each property is when rsyslog receives a
> message from certain hosts to see if maybe something isn’t being set right.
>
> The problem is messages get written to:
>
> /var/remote/logs/<IP_ADDRESS>/…
>
> We’d like them to be written to:
>
> /var/remote/logs/<HOSTNAME>/
>
> I’ve confirmed that name resolution is successful for the host sending the
> message, so I’m wondering if there is something with the message itself where
> maybe the message isn’t in the right format.
>
> Radesh
>
> From: rsyslog <rsyslog-boun...@lists.adiscon.com> on behalf of Singh, Radesh via rsyslog <rsyslog@lists.adiscon.com>
> Date: Thursday, July 28, 2022 at 4:58 PM
> To: David Lang <da...@lang.hm>, Singh, Radesh via rsyslog <rsyslog@lists.adiscon.com>
> Cc: Singh, Radesh <radesh_si...@csx.com>
> Subject: Re: [rsyslog] [E] Re: How to view messages

This email transmission and any accompanying attachments may contain CSX 
privileged and confidential or business proprietary information intended only 
for the use of the intended addressee. Any
dissemination, distribution, forwarding, copying, or action taken in reliance 
on the contents of this email by anyone other than the intended recipient is 
strictly prohibited. If you have received this
email in error please immediately delete it, destroy all copies, and notify the 
sender at the above CSX email address.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
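
The three properties described in the reply at the top of this thread, modelled in a short added example (not part of the thread and not rsyslog's own parser). The header regex, the lookup table standing in for the receiver's name lookup, the sample messages, and the fallback of hostname to fromhost for a header-less message are assumptions.

```python
import re

# Simplified RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME rest-of-message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>[A-Za-z0-9._:-]+) (?P<rest>.*)$",
    re.S,
)

def derive_properties(rawmsg, peer_ip, lookup):
    """Model how hostname, fromhost and fromhost-ip get their values.

    rawmsg  : message text exactly as received
    peer_ip : address the receiver got the message from (last relay)
    lookup  : dict standing in for the receiver's own name lookup
    """
    fromhost = lookup.get(peer_ip, peer_ip)  # no name found: stays the IP
    m = HEADER.match(rawmsg)
    if m:
        # Well-formed: hostname is whatever the sender wrote in the message.
        hostname, wellformed = m.group("host"), True
    else:
        # Assumption: with no parsable header, hostname falls back to fromhost.
        hostname, wellformed = fromhost, False
    return {"hostname": hostname, "fromhost": fromhost,
            "fromhost-ip": peer_ip, "wellformed": wellformed}

# Constructed samples (documentation addresses, invented host names).
LOOKUP = {"192.0.2.10": "relay.example.net"}
RELAYED = "<13>Jul 29 13:30:40 web01 sshd[812]: session opened"
HEADERLESS = "<189>date=2022-07-29 time=13:30:40 action=accept"

if __name__ == "__main__":
    for raw, ip in ((RELAYED, "192.0.2.10"), (HEADERLESS, "192.0.2.20")):
        print(derive_properties(raw, ip, LOOKUP))
```

In the relayed sample, a per-host path built from hostname follows what the sender wrote, while one built from fromhost follows the receiver's lookup of the relay.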
