Hi,
I have a host with very old firmware that I cannot update, with
syslogd/klogd 1.5.0.
I'm sending their logs to a remote Rsyslog server (actually a Docker
container), but when I filter to get files by hostname/source IP, I
don't get the real "hostname" or "Fromhost" because it gives me the host's IP.
This is a debug example:
"Debug line with all properties:
FROMHOST: '172.22.0.1'
HOSTNAME: '172.22.0.1'
PROGRAMNAME: 'upsmon'
FROMHOST-IP: '172.22.0.1'
SYSLOGTAG: 'upsmon[27392]:-'
APP-NAME: 'upsmon'
PROCID: '27392'
MSGID: '-'
INPUTNAME: 'imudp'
PRI: '27'
STRUCTURED-DATA: -',
MSG: ' Poll UPS [ups@xxxxxxx] failed - [ups] does not exist on server xxxxxx',
RAWMSG: '<27>upsmon[27392]: Poll UPS [ups@xxxxxxxxxx] failed - [ups] does not exist on server xxxxxxx"
I thought about adding a TAG on the source host, but I don't know how to do it
in such an old syslogd/klogd.
This is the old source host configuration:
root@buffalo:~# cat /etc/syslog.conf
#cron.* /var/log/cron
#user.info /var/log/linkstation.log
*.emerg *
#local0.* /var/log/linkstation.log
local6.* /var/log/file.smb
local7.* /var/log/backup.log
*.info;cron.none;user.none;local6.none /var/log/messages
$PreserveFQDN on
*.* @192.168.1.2
Any idea?
Best Regards,
Alberto
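
The RAWMSG in the debug output above goes straight from the PRI to the tag, with no timestamp or hostname field, so a receiver has only the sender's address to use as HOSTNAME. The following is an added example, not part of the original post and not rsyslog's own parser: a simplified RFC 3164-style parser whose fallback mirrors what the debug output shows. `parse_bsd_syslog`, `WITH_HEADER` and its date are constructed for illustration.

```python
import re

# RAWMSG copied from the debug output in the post (redactions kept as posted).
RAWMSG = ("<27>upsmon[27392]: Poll UPS [ups@xxxxxxxxxx] failed - [ups] "
          "does not exist on server xxxxxxx")
# Constructed comparison frame: the same kind of message, but carrying an
# RFC 3164 timestamp and hostname ("buffalo" is the shell prompt in the post).
WITH_HEADER = "<27>Mar  4 10:15:02 buffalo upsmon[27392]: Poll UPS [ups@xxxxxxxxxx] failed"

PRI = re.compile(r"^<(\d{1,3})>")
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
TAG = re.compile(r"^([^\s:\[]+)(?:\[(\d+)\])?: ?")


def parse_bsd_syslog(raw, sender_ip):
    """Parse one frame; record where the hostname value came from."""
    m = PRI.match(raw)
    if not m:
        raise ValueError("frame has no <PRI> prefix")
    pri = int(m.group(1))
    rest = raw[m.end():]
    rec = {
        "facility": pri >> 3,
        "severity": pri & 7,
        # Default: nothing in the frame names the device, use the sender address.
        "hostname": sender_ip,
        "hostname_source": "sender-address",
    }
    ts = TIMESTAMP.match(rest)
    if ts:
        # A timestamp is followed by the hostname field in RFC 3164 framing.
        host, _, rest = rest[ts.end():].partition(" ")
        rec["hostname"] = host
        rec["hostname_source"] = "message-header"
    tag = TAG.match(rest)
    rec["programname"] = tag.group(1) if tag else None
    rec["procid"] = tag.group(2) if tag else None
    rec["msg"] = rest[tag.end():] if tag else rest
    return rec


if __name__ == "__main__":
    for frame in (RAWMSG, WITH_HEADER):
        r = parse_bsd_syslog(frame, "172.22.0.1")
        print(r["hostname_source"], r["hostname"], r["programname"], r["procid"])
```

If the address the receiver sees belongs to a NAT or container-bridge gateway rather than to the device (an assumption about this setup, not something the post states), the fallback value cannot tell senders apart.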
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog