[rsyslog] Remove spaces with property replace

Hi, This must to be a very easy solution, but I can't see it. I want remove spaces from a property replace result in a template, and I don't know why. My template: template(name="tLogJOSTwrt" type="list") {     constant(value="/logs/wrt/")     property(name="timereported" dateformat="year")

[rsyslog] [Maybe OFF-TOPIC] Add TAG in syslogd/klogd

Hi, I have a host with very old firmware that I cannot update, with syslogd/klogd 1.5.0. I'm sending their logs to remote Rsyslog server (Docker container actually), but when I filter for get files by hostname/source IP..., I don't get real "hostname" or "Fromhost" because it gives me host's

Re: [rsyslog] [Maybe OFF-TOPIC] Add TAG in syslogd/klogd

On Sun, 5 May 2024, Alberto via rsyslog wrote: I have a host with very old firmware that I cannot update, with syslogd/klogd 1.5.0. I'm sending their logs to remote Rsyslog server (Docker container actually), but when I filter for get files by hostname/source IP..., I don't get real "hostnam

Re: [rsyslog] [Maybe OFF-TOPIC] Add TAG in syslogd/klogd

El 5/5/24 a las 21:28, David Lang escribió: On Sun, 5 May 2024, Alberto via rsyslog wrote: I have a host with very old firmware that I cannot update, with syslogd/klogd 1.5.0. I'm sending their logs to remote Rsyslog server (Docker container actually), but when I filter for get files by ho

Re: [rsyslog] [Maybe OFF-TOPIC] Add TAG in syslogd/klogd

On Sun, 5 May 2024, Alberto via rsyslog wrote: Hi David, This system don't have any MAN. I only need filter by source, but all fields (FROMHOST, HOSTNAME, FROMHOST-IP...) that can give me any information are useless because appears Docker host IP, not real source host IP, and I cannot popula

Re: [rsyslog] [Maybe OFF-TOPIC] Add TAG in syslogd/klogd

El 5/5/24 a las 22:02, David Lang escribió: ... I only need filter by source, but all fields (FROMHOST, HOSTNAME, FROMHOST-IP...) that can give me any information are useless because appears Docker host IP, not real source host IP, and I cannot populate fromhost (I've probed, anyway). which

Re: [rsyslog] [Maybe OFF-TOPIC] Add TAG in syslogd/klogd

On Sun, 5 May 2024, Alberto via rsyslog wrote: El 5/5/24 a las 22:02, David Lang escribió: ... I only need filter by source, but all fields (FROMHOST, HOSTNAME, FROMHOST-IP...) that can give me any information are useless because appears Docker host IP, not real source host IP, and I cannot po

Re: [rsyslog] [Maybe OFF-TOPIC] Add TAG in syslogd/klogd

Hello! If you can change the remote syslog port on your sender side, then there is another way. You can create a dedicated rsyslog input listening on a port (imptcp/imtcp/imudp), bind it to a ruleset, then assume that every message in the ruleset is from that expected sender (just do not use that