On Sun, 5 May 2024, Alberto via rsyslog wrote:
El 5/5/24 a las 22:02, David Lang escribió:
...
I only need filter by source, but all fields (FROMHOST, HOSTNAME,
FROMHOST-IP...) that can give me any information are useless because
appears Docker host IP, not real source host IP, and I cannot populate
fromhost (I've probed, anyway).
which end is on docker? the sender or the receiver?
Docker is the host of Rsyslog Server container (receiver) which is Server.
Sender is the old system.
In that case, what you need to do is change your docker config so that rsyslog
sees the real sender IP, you can NAT outbound from the docker container, but not
inbound to it.
David Lang
if fromhost-ip isn't useful, then fromhost won't be either as it's a
lookup from fromhost-ip
what is the sending system?
David Lang
PROGRAMNAME, SYSLOGTAG, APP-NAME... give me app name not source
hostname information.
I have put "$PreserveFQDN on" directive thinking that it could be
useful. I'll remove it.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
