
Re: Rsyslog template



James Zuelow put forth on 1/26/2010 5:13 PM:
> I have a Lenny server that is acting as a remote syslog server for a variety of devices.
> 
> Most of the devices are listed by hostname or IP address in their log entries.  Other servers, or devices such as HP ProCurve switches, are listed by IP address.  However, I have nine D-Link DWL3200AP WAPs that do not have any sort of IP address or hostname associated with their log entries.  So I get nice logs saying that the WAP has associated with a particular MAC address, but I do not know which WAP that was.
> 
> I think this is because the default rsyslog template does not include hostname or IP address unless the sending device sends it along.
> 
> Googling for "rsyslog default template" leads to lots of pages that mention it, but no pages that I saw that describe what it is other than the default template is hard coded into rsyslog.  All I want is to get rsyslog to report the source IP address of a remote log entry.  The rest would remain the same.
> 
> Does anyone know the default template for rsyslog, or a template that will always include the source IP address of a remote log entry?

Seems they put their network management eggs in the SNMP basket.  Log into the
web interface of one of the units and look at the "Tools" tab.  You can assign a
unique name there on each access point.  I don't know if that will only show up
in SNMP data or if that name will also then be logged via syslog.  Either way,
I'd def plug a unique name in here on each AP and reboot it.

Look at their network management utility, comes on a CD bundled with the AP.
It's geared toward SNMP.  Also, look at your manual.  It's where I found all
this info:
ftp://ftp.dlink.com/Wireless/dwl3200AP/Manual/dwl3200AP_Manual_104.zip

If you can't get syslog to do what you want, and you don't already have an SNMP
infrastructure/collector, now might be a good time to start building one.  SNMP
is the standard for network device monitoring, not syslog--likely the reason
D-Link put more effort into SNMP than syslog.

-- 
Stan


