Addition
RSYSLOG CONFIGURATION:
Aug 21 11:35:44 1672072 08/21/2007 11:35:05.830 SEV=4 CONFIG/17 RPT=18
Done writing configuration file, Success.
Older SYSLOG CONFIGURATION
Aug 21 11:34:13 <HOSTNAME> 1672023 08/21/2007 11:33:32.910 SEV=4
CONFIG/17 RPT=16 Done writing configuration file, Success.
Actually, the older syslog is writing the hostname in front of the message ID and
rsyslog is not logging the hostname (the logs are sent from a CISCO
IOS).
Regards,
Ashutosh
-----Original Message-----
From: rsyslog-bounces@lists.adiscon.com
[mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Kaul, Ashutosh
Sent: Tuesday, August 21, 2007 10:08 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog /var/log/messages
Hi Rainer/all,
Thanks for the help, actually there were two problems,
1) Not able to log hostname from HP-UX - Sorted by using the %HOSTNAME%
directive
2) Not able to log hostname from CISCO IOS. It's able to send to old
syslog server - Still Pending.
Pasting the logs for the same
Aug 21 09:56:08 50644414 08/21/2007 08:56:20.820 SEV=5 <xX> RPT=1426140
<IP ADDRESS> Group [groupname] User [ysofer] Sending IKE Delete With
Reason message: No Reason Provided.
Aug 21 09:56:08 50644418 08/21/2007 08:56:20.830 SEV=4<AUTH0>
RPT=1013753 <IPADRESS> User [username] Group [Groupname] disconnected:
Session Type: IPSec/NAT-T Duration: 7:59:39 Bytes xmt: 27550464 Bytes
rcv: 11482680 Reason: User Requested
Aug 21 09:56:08 50644418 08/21/2007 08:56:20.830 SEV=4 <AUTH/28>
RPT=1013753 <IP ADDRESS> User [username] Group [Group Name]
disconnected: Session Type: IPSec/NAT-T Duration: 7:59:39 Bytes xmt:
27550464 Bytes rcv: 11482680 Reason: User Requested
And really appreciate the support provided by all.
Regards,
Ashutosh
-----Original Message-----
From: rsyslog-bounces@lists.adiscon.com
[mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
Sent: Friday, August 17, 2007 3:11 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog /var/log/messages
Can you post the output of %rawmsg% - I think it has to do with the
message. However, FROMHOST should always work. It would be useful if you
ran it in debug mode (-d -n) and posted that output, too.
Rainer
> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com
> [mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Kaul, Ashutosh
> Sent: Thursday, August 16, 2007 3:14 PM
> To: rsyslog-users
> Subject: [rsyslog] Rsyslog /var/log/messages
>
> Hi all,
>
> I have installed and configured rsyslog-1.17.6 for a centralized
> syslog server, currently it's accepting syslogs at both UDP as well as
> TCP but when I check my /var/log/messages file I find that it doesn't
> log the hostname.
>
> Pasting one of the syslog messages
> Aug 16 08:07:56 50091162 08/16/2007 07:08:03.390 ..truncated
>
> In place of 50091162 it should log the ip address.
>
> I did some initial research in which it was mentioned the template
> needs to have %FROMHOST% rather than %HOSTNAME% which I did but to no
> luck.
>
> http://www.rsyslog.com/PNphpBB2-viewtopic-t-101.phtml
>
> Thanks in advance for help.
>
> Regards,
> Ashutosh
>
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
>
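The symptom in this thread, a message sequence number sitting where the host belongs, can be detected and corrected on stored lines so each event is still attributed to a source. This is an added example, not code from the thread or from the rsyslog project: `plausible_host`, `attribute`, the host name `vpn-gw1` and the address 192.0.2.10 are constructed, and the sender address is assumed to be the peer address recorded by the collector.

```python
import ipaddress
import re

# "Mmm dd hh:mm:ss" timestamp, then whatever token landed in the host column.
LINE_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Lines as pasted in the thread; "vpn-gw1" replaces the redacted <HOSTNAME>.
NEW = ("Aug 21 11:35:44 1672072 08/21/2007 11:35:05.830 SEV=4 CONFIG/17 "
       "RPT=18 Done writing configuration file, Success.")
OLD = ("Aug 21 11:34:13 vpn-gw1 1672023 08/21/2007 11:33:32.910 SEV=4 "
       "CONFIG/17 RPT=16 Done writing configuration file, Success.")


def plausible_host(token):
    """True for an IP address or a DNS-style name whose last label is not numeric."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        pass
    labels = token.rstrip(".").split(".")
    if not all(LABEL_RE.match(label) for label in labels):
        return False
    # A bare number such as 1672072 is a sequence number, not a host.
    return not labels[-1].isdigit()


def attribute(line, sender):
    """Return (timestamp, host, message), falling back to the sender address
    when the host column does not hold a plausible host."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("no syslog timestamp: %r" % line)
    ts, token, rest = m.groups()
    if plausible_host(token):
        return ts, token, rest
    # The token belongs to the message body: restore it and use the sender.
    return ts, sender, token + " " + rest


if __name__ == "__main__":
    for sample in (NEW, OLD):
        print(attribute(sample, "192.0.2.10"))
```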