RE: Rsyslog template
> -----Original Message-----
> From: Stan Hoeppner [mailto:stan@hardwarefreak.com]
> Sent: Tuesday, 26 January, 2010 20:22
> To: debian-user
> Cc: James Zuelow
> Subject: Re: Rsyslog template
> You might try just commenting out the original you have, and
> entering something
> like:
> $ActionFileDefaultTemplate TraditionalFormat,%timegenerated%
> %HOSTNAME%
> %syslogtag%%msg%\n
>
> I don't know if that will work, but that's the first thing
> I'd try. If you
Thanks Stan, that one worked. I should have read my dwww docs a bit more as that line is listed as one of the template examples on the rsyslog.conf page. It's a shame to have dwww installed and keep forgetting to search it...
> don't have DNS hostname entries for the APs' IP addresses,
> then I'd replace
> "%HOSTNAME%" above with "%FROMHOST-IP%" which should just log
> the remote IP address.
>
Interestingly I *do* see references to FROMHOST-IP and fromhost-ip on the web, but when I tried it here I lost hostname resolution in the log files and instead got **INVALID PROPERTY NAME**. However HOSTNAME will enter the IP address if there is not reverse DNS.
So the default template must be similar to the example TraditionalFormat, but without the %HOSTNAME% component. I was wondering if I would see double hostnames after adding it, but I do not so rsyslog must be smart enough to recognise it's presence and not repeat it if it is in the syslog message body. That's just a WAG on my part though.
But I am now getting IP address information on my DWL-3200AP units, and I have not had to revert to sysklogd, so I should be OK if sysklogd gets dropped from squeeze or squeeze+1 for whatever reason.
Cheers, and thanks again.
James Zuelow
Network Specialist
City and Borough of Juneau MIS (907)586-0236
Reply to: