I have the following entry in my rsyslog conf, to match entries based on IP
address. Somehow it's not matching any entries.

# Switches
$FileCreateMode 0644
:FROMHOST, isequal, "65.182.224.13" -?switches # Necalea
:FROMHOST, isequal, "65.182.224.202" -?switches
:FROMHOST, isequal, "66.206.80.60" -?switches

If I do a tcpdump I see syslog hitting the box, it's just rsyslog isn't
handling it right.

11:58:20.722867 IP 65.182.224.13.8888 > 65.182.224.26.514: SYSLOG local4.info, length: 121
11:58:23.962613 IP 65.182.224.13.8888 > 65.182.224.26.514: SYSLOG local4.info, length: 130
11:58:41.242621 IP 65.182.224.13.8888 > 65.182.224.26.514: SYSLOG local4.info, length: 108
11:58:45.874064 IP 65.182.224.13.8888 > 65.182.224.26.514: SYSLOG local4.info, length: 130

This box gets about 500 lines of syslog a minute so I can't really turn on
debug. How else can I troubleshoot this? This is a Fedora 8 box running:
rsyslog-2.0.2-3.fc8
- Scott
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com