Hello rsyslog experts,
newbie writing his first post to the list here...
I am setting up a central rsyslog server, collecting all syslog messages from any type of computer and other devices. Clients run different variants of syslog, up to networked IoT devices sending dumb messages. So I can't format messages on the client. All I can do is making the rsyslog server to cope with it somehow.
Collected messages are stored in a separate subdirectory named after the client. I would prefer to use the short client name for this directory. But I keep getting the FQDN.
I switched the global option PreserveFQDN to off, but it had no effect. Is this option only meant for the sending clients or is it supposed to work on the receiving server as well?
What other ways would be possible to shorten the path for the storage? Would I need to build this into the template?
My current template is
$template RemoteLogs,"/var/log/loghost/%FROMHOST%/syslog
Is there another variable as replacement for FROMHOST containing only the short name of the sending client? I tried HOSTNAME , but this also contained the FQDN.
Any tipps or (learning) hints are appreciated.
Best regards,
Frank
--
Frank Morawietz
IT Systems Administrator Global Computational Chemistry & Biology
Healthcare | Discovery Development Technologies
Merck Healthcare KGaA | Frankfurter Str. 250 | Postcode: D050/902 | 64293 Darmstadt | Germany
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click merckgroup.com/disclaimer<https://www.merckgroup.com/en/legal-disclaimer/mail-disclaimer.html> to access the German, French, Spanish, Portuguese, Turkish, Polish and Slovak versions of this disclaimer.
Please find our Privacy Statement information by clicking here: merckgroup.com/privacy-statements-by-location<https://www.merckgroup.com/en/privacy-statement/privacy-statements-by-location.html>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
newbie writing his first post to the list here...
I am setting up a central rsyslog server, collecting all syslog messages from any type of computer and other devices. Clients run different variants of syslog, up to networked IoT devices sending dumb messages. So I can't format messages on the client. All I can do is making the rsyslog server to cope with it somehow.
Collected messages are stored in a separate subdirectory named after the client. I would prefer to use the short client name for this directory. But I keep getting the FQDN.
I switched the global option PreserveFQDN to off, but it had no effect. Is this option only meant for the sending clients or is it supposed to work on the receiving server as well?
What other ways would be possible to shorten the path for the storage? Would I need to build this into the template?
My current template is
$template RemoteLogs,"/var/log/loghost/%FROMHOST%/syslog
Is there another variable as replacement for FROMHOST containing only the short name of the sending client? I tried HOSTNAME , but this also contained the FQDN.
Any tipps or (learning) hints are appreciated.
Best regards,
Frank
--
Frank Morawietz
IT Systems Administrator Global Computational Chemistry & Biology
Healthcare | Discovery Development Technologies
Merck Healthcare KGaA | Frankfurter Str. 250 | Postcode: D050/902 | 64293 Darmstadt | Germany
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click merckgroup.com/disclaimer<https://www.merckgroup.com/en/legal-disclaimer/mail-disclaimer.html> to access the German, French, Spanish, Portuguese, Turkish, Polish and Slovak versions of this disclaimer.
Please find our Privacy Statement information by clicking here: merckgroup.com/privacy-statements-by-location<https://www.merckgroup.com/en/privacy-statement/privacy-statements-by-location.html>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.