James Zuelow put forth on 1/27/2010 11:55 AM: >> -----Original Message----- >> From: Stan Hoeppner [mailto:s...@hardwarefreak.com] >> Sent: Tuesday, 26 January, 2010 20:22 >> To: debian-user >> Cc: James Zuelow >> Subject: Re: Rsyslog template >> You might try just commenting out the original you have, and >> entering something >> like: >> $ActionFileDefaultTemplate TraditionalFormat,%timegenerated% >> %HOSTNAME% >> %syslogtag%%msg%\n >> >> I don't know if that will work, but that's the first thing >> I'd try. If you > > Thanks Stan, that one worked. I should have read my dwww docs a bit more as > that line is listed as one of the template examples on the rsyslog.conf page. > It's a shame to have dwww installed and keep forgetting to search it...
Glad I could be of help. I'm no syslog expert. I just trudged my way through the online docs and my own rsyslog.conf and made a best guess as to what might work. >> don't have DNS hostname entries for the APs' IP addresses, >> then I'd replace >> "%HOSTNAME%" above with "%FROMHOST-IP%" which should just log >> the remote IP address. >> > > > Interestingly I *do* see references to FROMHOST-IP and fromhost-ip on the > web, but when I tried it here I lost hostname resolution in the log files and > instead got **INVALID PROPERTY NAME**. However HOSTNAME will enter the IP > address if there is not reverse DNS. I got the "%FROMHOST-IP% property name from rsyslog.com's docs. It's likely that Lenny is running a sufficiently old version of rsyslogd that the online docs describe properties that aren't available in Lenny rsyslog, or that names of properties have changed in newer rsyslog versions. The Lenny "man rsyslogd" has zero information on properties. This is probably buried in another doc file somewhere in the system, likely /usr/share/doc/rsyslog-doc/html/ My Linux machines are all headless, and I've never bothered with trying to symlink all the various html doc directories into lighty virtual directories just to get access to them via a browser. That is a huge waste of OP time. This penchant for html documentation is a PITA for administering headless servers. Quite frankly, this really surprises me in the case or rsyslog. The folks around the world most likely to be making serious use of rsyslog capabilities (not casual use) are the most likely to be running a datacenter full of headless servers without easy access to these html doc directories. Plain text versions of all Debian/Linux system documentation should be included by default. I'm guessing the rsyslog folks don't provide plain text only documentation, and the Debian rsyslog maintainers didn't want to take the time to create a plain text only version of the docs. How about the case for headless servers that don't run a web server at all? How then does an admin access this html documentation for rsyslog? This is a sad state of affairs IMO. > So the default template must be similar to the example TraditionalFormat, but > without the %HOSTNAME% component. I was wondering if I would see double > hostnames after adding it, but I do not so rsyslog must be smart enough to > recognise it's presence and not repeat it if it is in the syslog message > body. That's just a WAG on my part though. Yes, if you dig into /usr/share/doc/rsyslog-doc/examples/sample.conf it gets you a little closer to understanding the templates. Not much though. > But I am now getting IP address information on my DWL-3200AP units, and I > have not had to revert to sysklogd, so I should be OK if sysklogd gets > dropped from squeeze or squeeze+1 for whatever reason. Glad you got it working. That's what it's all about. I doubt sysklogd and syslog-ng will be going away any time soon. One thing Debian has always been pretty good about is providing multiple choices for each software category. I think this kinda goes hand in hand with the FSF philosophy of "software freedom". -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
