rsyslog: Use %fromhost% instead of %hostname%.

Using hostname did not always work, since that use the hostname
specified in the message itself (In particular some kernel messages
without a hostname were seen). using %fromhost% always uses the hostname
of the host the message was received from. This might break in NAT and
forwarding situations, but those do not apply here.

diff --git a/etc/logcheck/ignore.d.server/000-local-vuurmuur b/etc/logcheck/ignore.d.server/000-local-vuurmuur
new file mode 100644 (file)
index 0000000..c8e2b61
--- /dev/null
+++ b/etc/logcheck/ignore.d.server/000-local-vuurmuur
@@ -0,0 +1 @@
+vrmr: DROP.*

diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf
index b1f88e27b23739e50225651c3df4134ed557c87d..df51b37400735306eaba72e1fd8fcfdaa5c01c50 100644 (file)
--- a/etc/rsyslog.conf
+++ b/etc/rsyslog.conf
@@ -54,9 +54,9 @@ $IncludeConfig /etc/rsyslog.d/*.conf
 ########################
 
 # Log lines received from other servers (as well as our own logs) centrally.
-$template FacilityLog,"/data/log/rsyslog/%hostname%/facilities/%syslogfacility-text%.log"
-$template SeverityLog,"/data/log/rsyslog/%hostname%/severities/%syslogseverity-text%.log"
-$template AppLog,"/data/log/rsyslog/%hostname%/apps/%app-name%.log"
+$template FacilityLog,"/data/log/rsyslog/%fromhost%/facilities/%syslogfacility-text%.log"
+$template SeverityLog,"/data/log/rsyslog/%fromhost%/severities/%syslogseverity-text%.log"
+$template AppLog,"/data/log/rsyslog/%fromhost%/apps/%app-name%.log"
 
 # Use a verbose logging format
 $template LogFormat, "%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %syslogfacility-text%.%syslogseverity-text%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"