I have been using syslogd 1.4.1 for quite some time to gather syslogs
from multiple hosts, and I then have a script which separates out the
logs based on the source host. I just rebuilt my syslog server and took
the opportunity to use rsyslogd 2.0.2 instead of syslogd, but I
noticed that my syslogs no longer record the address of the source host,
which will break my scripts. Is there any way to change this behavior?
Examples -
Syslogd:
Mar 4 08:05:47 10.10.1.1 Mar 04 2008 08:05:47: %ASA-4-106023: Deny tcp src inside:x.x.x.x/3713 dst outside:x.x.x.x/1021 by access-group "inside_access_out" [0x0, 0x0]
               ^^^^^^^^^
Rsyslogd:
Mar 4 08:41:17 Mar 04 2008 08:41:25: %ASA-4-106023: Deny tcp src inside:x.x.x.x/2125 dst outside:x.x.x.x/9018 by access-group "inside_access_out" [0x0, 0x0]
Regards,
Mark