From: Matthijs Kooijman
Date: Thu, 7 May 2009 07:32:32 +0000 (+0200)
Subject: rsyslog: Use %fromhost% instead of %hostname%.
X-Git-Url: https://git.stderr.nl/gitweb?a=commitdiff_plain;h=0aa0fe222efe2de40ad6e2dbcfeda0dde1f78e16;hp=2eb6211999af551ce72f177ff229acbf0ee08127;p=matthijs%2Fservers%2Fdrsnuggles.git
rsyslog: Use %fromhost% instead of %hostname%.
Using hostname did not always work, since that use the hostname specified in the message itself (In particular some kernel messages without a hostname were seen). using %fromhost% always uses the hostname of the host the message was received from. This might break in NAT and forwarding situations, but those do not apply here.
---
diff --git a/etc/logcheck/ignore.d.server/000-local-vuurmuur b/etc/logcheck/ignore.d.server/000-local-vuurmuur
new file mode 100644
index 0000000..c8e2b61
--- /dev/null
+++ b/etc/logcheck/ignore.d.server/000-local-vuurmuur
@@ -0,0 +1 @@
+vrmr: DROP.*
diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf
index b1f88e2..df51b37 100644
--- a/etc/rsyslog.conf
+++ b/etc/rsyslog.conf
@@ -54,9 +54,9 @@ $IncludeConfig /etc/rsyslog.d/*.conf
 ########################
 # Log lines received from other servers (as well as our own logs) centrally.
-$template FacilityLog,"/data/log/rsyslog/%hostname%/facilities/%syslogfacility-text%.log"
-$template SeverityLog,"/data/log/rsyslog/%hostname%/severities/%syslogseverity-text%.log"
-$template AppLog,"/data/log/rsyslog/%hostname%/apps/%app-name%.log"
+$template FacilityLog,"/data/log/rsyslog/%fromhost%/facilities/%syslogfacility-text%.log"
+$template SeverityLog,"/data/log/rsyslog/%fromhost%/severities/%syslogseverity-text%.log"
+$template AppLog,"/data/log/rsyslog/%fromhost%/apps/%app-name%.log"
 # Use a verbose logging format
 $template LogFormat, "%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %syslogfacility-text%.%syslogseverity-text%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
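Review bot: The new ignore rule `vrmr: DROP.*` is unanchored, so logcheck suppresses every log line that contains that text anywhere, not only the firewall drop lines it is meant for. If lines received from other hosts reach the files logcheck reads, a message body or a field such as a user name that carries the substring would also drop out of the report. Anchoring the rule to the usual logcheck line prefix and the expected tag narrows it, for example `^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: vrmr: DROP ` (the prefix and tag are inferred here; confirm them against real lines with logcheck-test). The commit message does not mention this file, so a sentence on why it is part of the change would help.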
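Review bot: The AppLog template still builds its file name from `%app-name%`, which is parsed from the received message, so the directory is now bound to the sending host but the file name under `apps/` stays under the sender's control. A sender can create an arbitrary number of files there, and depending on the rsyslog version a slash in the tag may need explicit handling; `$template AppLog,"/data/log/rsyslog/%fromhost%/apps/%app-name:::secpath-replace%.log"` makes that handling explicit. `%fromhost%` is normally the reverse-DNS name of the peer, so the directory name follows PTR records, while `%fromhost-ip%` gives a name that does not depend on DNS. The LogFormat template in the trailing context still writes `%HOSTNAME%`, the name claimed inside the message, so the host shown in a log line can differ from the directory it is stored in; a comment saying so above that template would help anyone reading these logs during an investigation.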