michael at maymann
Jan 19, 2012, 2:24 AM
Post #23 of 35
(235 views)
Permalink
|
|
Re: Syslogging FQDN logfile/logdir howto/links/examples
[In reply to]
|
|
Hi,
Got it installed...:
yum install zlib-devel.x86_64
yum install byacc.x86_64
did the trick for me...
Thanks for your help Rainer...:-) !
Trying to look through the man-page and googling a bit...
1. do I have to enable DNS cache somewhere, or is this feature on by
default ?
2. Is there some v6.3.6 version config examples somewhere. I would need to:
a. generally have logfiles in a
/NFS_logdir/FQDN/equial_to_local_logfile_name (e.g. messages)
b. have maillog from mailcluster=host001 (host001a+host001b) being merged
in a single /NFS_logdir/host001/maillog file
Thanks in advance :-) !
~maymann
2012/1/18 Rainer Gerhards <rgerhards [at] hq>
> Zlib-dev is missing, looks like configure did not catch that.
>
> Rainer
>
> Michael Maymann <michael [at] maymann> hat geschrieben:The
> --libdir=/usr/lib64 option did the trick...:-):
>
> cd libestr
>
> ./configure --libdir=/usr/lib64 --includedir=/usr/include --prefix=/usr
>
> make
>
> make install
>
> cd ..
>
> cd libee/
>
> ./configure --libdir=/usr/lib64 --includedir=/usr/include --prefix=/usr
>
> make
>
> make install
>
> cd ..
>
> cd rsyslog-6.3.6
>
> ./configure --libdir=/usr/lib64 --includedir=/usr/include --prefix=/usr
>
> [root [at] MyServe rsyslog-6.3.6]# echo $?
>
> 0
>
> [root [at] MyServe rsyslog-6.3.6]# make
>
> make all-recursive
>
> make[1]: Entering directory `/root/rsyslog-6.3.6'
>
> Making all in doc
>
> make[2]: Entering directory `/root/rsyslog-6.3.6/doc'
>
> make[2]: Nothing to be done for `all'.
>
> make[2]: Leaving directory `/root/rsyslog-6.3.6/doc'
>
> Making all in runtime
>
> make[2]: Entering directory `/root/rsyslog-6.3.6/runtime'
>
> CC librsyslog_la-rsyslog.lo
>
> In file included from stream.h:72,
>
> from obj.h:50,
>
> from rsyslog.h:474,
>
> from rsyslog.c:63:
>
> zlibw.h:28:18: error: zlib.h: No such file or directory
>
> In file included from stream.h:72,
>
> from obj.h:50,
>
> from rsyslog.h:474,
>
> from rsyslog.c:63:
>
> zlibw.h:32: error: expected ')' before 'strm'
>
> zlibw.h:33: error: expected ';' before 'int'
>
> In file included from obj.h:50,
>
> from rsyslog.h:474,
>
> from rsyslog.c:63:
>
> stream.h:123: error: expected specifier-qualifier-list before 'Bytef'
>
> make[2]: *** [librsyslog_la-rsyslog.lo] Error 1
>
> make[2]: Leaving directory `/root/rsyslog-6.3.6/runtime'
>
> make[1]: *** [all-recursive] Error 1
>
> make[1]: Leaving directory `/root/rsyslog-6.3.6'
> make: *** [all] Error 2
>
> So both libestr and linee in installed and ./configure in rsyslog dir ran
> without errors, but now make is causing me problems..., anyone who know how
> to solve this ?
>
>
> Thanks in advance :-) !
> ~maymann
>
> 2012/1/17 Michael Maymann <michael [at] maymann>
>
> > Tried to delete all installed and follow this guide:
> > http://www.liblognorm.com/help/first-steps-using-liblognorm/
> > same problem, when [root [at] MyServe libee]# ./configure --libdir=/usr/lib
> > --includedir=/usr/include:
> > ...
> > checking for LIBESTR... configure: error: Package requirements (libestr
> >=
> > 0.0.0) were not met:
> >
> > No package 'libestr' found
> >
> > Consider adjusting the PKG_CONFIG_PATH environment variable if you
> > installed software in a non-standard prefix.
> >
> > Alternatively, you may set the environment variables LIBESTR_CFLAGS
> > and LIBESTR_LIBS to avoid the need to call pkg-config.
> > See the pkg-config man page for more details.
> >
> >
> > Thanks in advance :-) !
> > ~maymann
> >
> >
> > 2012/1/17 Michael Maymann <michael [at] maymann>
> >
> >> Hi Rainer,
> >>
> >> yes, rsyslog-6.3.6 needs libestr and libee...:
> >> I installed libestr just fine:
> >> [root [at] MyServe pkgconfig]# locate libestr
> >> /root/libestr-0.1.2
> >> /root/libestr-0.1.2.tar.gz
> >> /root/libestr-0.1.2/AUTHORS
> >> /root/libestr-0.1.2/COPYING
> >> /root/libestr-0.1.2/ChangeLog
> >> /root/libestr-0.1.2/INSTALL
> >> /root/libestr-0.1.2/Makefile
> >> /root/libestr-0.1.2/Makefile.am
> >> /root/libestr-0.1.2/Makefile.in
> >> /root/libestr-0.1.2/NEWS
> >> /root/libestr-0.1.2/README
> >> /root/libestr-0.1.2/aclocal.m4
> >> /root/libestr-0.1.2/compile
> >> /root/libestr-0.1.2/config.guess
> >> /root/libestr-0.1.2/config.h
> >> /root/libestr-0.1.2/config.h.in
> >> /root/libestr-0.1.2/config.log
> >> /root/libestr-0.1.2/config.status
> >> /root/libestr-0.1.2/config.sub
> >> /root/libestr-0.1.2/configure
> >> /root/libestr-0.1.2/configure.ac
> >> /root/libestr-0.1.2/depcomp
> >> /root/libestr-0.1.2/include
> >> /root/libestr-0.1.2/install-sh
> >> /root/libestr-0.1.2/libestr.pc
> >> /root/libestr-0.1.2/libestr.pc.in
> >> /root/libestr-0.1.2/libtool
> >> /root/libestr-0.1.2/ltmain.sh
> >> /root/libestr-0.1.2/m4
> >> /root/libestr-0.1.2/missing
> >> /root/libestr-0.1.2/src
> >> /root/libestr-0.1.2/stamp-h1
> >> /root/libestr-0.1.2/include/Makefile
> >> /root/libestr-0.1.2/include/Makefile.am
> >> /root/libestr-0.1.2/include/Makefile.in
> >> /root/libestr-0.1.2/include/libestr.h
> >> /root/libestr-0.1.2/m4/libtool.m4
> >> /root/libestr-0.1.2/m4/ltoptions.m4
> >> /root/libestr-0.1.2/m4/ltsugar.m4
> >> /root/libestr-0.1.2/m4/ltversion.m4
> >> /root/libestr-0.1.2/m4/lt~obsolete.m4
> >> /root/libestr-0.1.2/src/.deps
> >> /root/libestr-0.1.2/src/.libs
> >> /root/libestr-0.1.2/src/Makefile
> >> /root/libestr-0.1.2/src/Makefile.am
> >> /root/libestr-0.1.2/src/Makefile.in
> >> /root/libestr-0.1.2/src/libestr.c
> >> /root/libestr-0.1.2/src/libestr.la
> >> /root/libestr-0.1.2/src/libestr_la-libestr.lo
> >> /root/libestr-0.1.2/src/libestr_la-libestr.o
> >> /root/libestr-0.1.2/src/libestr_la-string.lo
> >> /root/libestr-0.1.2/src/libestr_la-string.o
> >> /root/libestr-0.1.2/src/string.c
> >> /root/libestr-0.1.2/src/.deps/libestr_la-libestr.Plo
> >> /root/libestr-0.1.2/src/.deps/libestr_la-string.Plo
> >> /root/libestr-0.1.2/src/.libs/libestr.a
> >> /root/libestr-0.1.2/src/.libs/libestr.la
> >> /root/libestr-0.1.2/src/.libs/libestr.lai
> >> /root/libestr-0.1.2/src/.libs/libestr.so
> >> /root/libestr-0.1.2/src/.libs/libestr.so.0
> >> /root/libestr-0.1.2/src/.libs/libestr.so.0.0.0
> >> /root/libestr-0.1.2/src/.libs/libestr_la-libestr.o
> >> /root/libestr-0.1.2/src/.libs/libestr_la-string.o
> >> /usr/local/include/libestr.h
> >> /usr/local/lib/libestr.a
> >> /usr/local/lib/libestr.la
> >> /usr/local/lib/libestr.so
> >> /usr/local/lib/libestr.so.0
> >> /usr/local/lib/libestr.so.0.0.0
> >> /usr/local/lib/pkgconfig/libestr.pc
> >>
> >> I try to install libee:
> >> [root [at] MyServe libee-0.3.2]# ./configure
> >> LIBESTR_CFLAGS=/usr/local/include LIBESTR_LIBS=/usr/local/lib
> >> checking for a BSD-compatible install... /usr/bin/install -c
> >> checking whether build environment is sane... yes
> >> checking for a thread-safe mkdir -p... /bin/mkdir -p
> >> checking for gawk... gawk
> >> checking whether make sets $(MAKE)... yes
> >> checking for gcc... gcc
> >> checking whether the C compiler works... yes
> >> checking for C compiler default output file name... a.out
> >> checking for suffix of executables...
> >> checking whether we are cross compiling... no
> >> checking for suffix of object files... o
> >> checking whether we are using the GNU C compiler... yes
> >> checking whether gcc accepts -g... yes
> >> checking for gcc option to accept ISO C89... none needed
> >> checking for style of include used by make... GNU
> >> checking dependency style of gcc... gcc3
> >> checking whether gcc and cc understand -c and -o together... yes
> >> checking build system type... x86_64-unknown-linux-gnu
> >> checking host system type... x86_64-unknown-linux-gnu
> >> checking how to print strings... printf
> >> checking for a sed that does not truncate output... /bin/sed
> >> checking for grep that handles long lines and -e... /bin/grep
> >> checking for egrep... /bin/grep -E
> >> checking for fgrep... /bin/grep -F
> >> checking for ld used by gcc... /usr/bin/ld
> >> checking if the linker (/usr/bin/ld) is GNU ld... yes
> >> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
> >> checking the name lister (/usr/bin/nm -B) interface... BSD nm
> >> checking whether ln -s works... yes
> >> checking the maximum length of command line arguments... 1966080
> >> checking whether the shell understands some XSI constructs... yes
> >> checking whether the shell understands "+="... yes
> >> checking for /usr/bin/ld option to reload object files... -r
> >> checking for objdump... objdump
> >> checking how to recognize dependent libraries... pass_all
> >> checking for ar... ar
> >> checking for strip... strip
> >> checking for ranlib... ranlib
> >> checking command to parse /usr/bin/nm -B output from gcc object... ok
> >> checking how to run the C preprocessor... gcc -E
> >> checking for ANSI C header files... yes
> >> checking for sys/types.h... yes
> >> checking for sys/stat.h... yes
> >> checking for stdlib.h... yes
> >> checking for string.h... yes
> >> checking for memory.h... yes
> >> checking for strings.h... yes
> >> checking for inttypes.h... yes
> >> checking for stdint.h... yes
> >> checking for unistd.h... yes
> >> checking for dlfcn.h... yes
> >> checking for objdir... .libs
> >> checking if gcc supports -fno-rtti -fno-exceptions... no
> >> checking for gcc option to produce PIC... -fPIC -DPIC
> >> checking if gcc PIC flag -fPIC -DPIC works... yes
> >> checking if gcc static flag -static works... no
> >> checking if gcc supports -c -o file.o... yes
> >> checking if gcc supports -c -o file.o... (cached) yes
> >> checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports
> >> shared libraries... yes
> >> checking whether -lc should be explicitly linked in... no
> >> checking dynamic linker characteristics... GNU/Linux ld.so
> >> checking how to hardcode library paths into programs... immediate
> >> checking whether stripping libraries is possible... yes
> >> checking if libtool supports shared libraries... yes
> >> checking whether to build shared libraries... yes
> >> checking whether to build static libraries... yes
> >> checking for stdlib.h... (cached) yes
> >> checking for GNU libc compatible malloc... yes
> >> checking for pkg-config... /usr/bin/pkg-config
> >> checking pkg-config is at least version 0.9.0... yes
> >> checking for LIBESTR... yes
> >> configure: creating ./config.status
> >> config.status: creating Makefile
> >> config.status: creating libee.pc
> >> config.status: creating src/Makefile
> >> config.status: creating include/Makefile
> >> config.status: creating include/libee/Makefile
> >> config.status: creating tests/Makefile
> >> config.status: creating config.h
> >> config.status: config.h is unchanged
> >> config.status: executing depfiles commands
> >> config.status: executing libtool commands
> >> *****************************************************
> >> libee will be compiled with the following settings:
> >>
> >> Debug mode enabled: no
> >> Testbench enabled: yes
> >> [root [at] MyServe libee-0.3.2]# echo $?
> >> 0
> >> [root [at] MyServe libee-0.3.2]# make
> >> make all-recursive
> >> make[1]: Entering directory `/root/libee-0.3.2'
> >> Making all in tests
> >> make[2]: Entering directory `/root/libee-0.3.2/tests'
> >> make[2]: Nothing to be done for `all'.
> >> make[2]: Leaving directory `/root/libee-0.3.2/tests'
> >> Making all in include
> >> make[2]: Entering directory `/root/libee-0.3.2/include'
> >> Making all in libee
> >> make[3]: Entering directory `/root/libee-0.3.2/include/libee'
> >> make[3]: Nothing to be done for `all'.
> >> make[3]: Leaving directory `/root/libee-0.3.2/include/libee'
> >> make[3]: Entering directory `/root/libee-0.3.2/include'
> >> make[3]: Nothing to be done for `all-am'.
> >> make[3]: Leaving directory `/root/libee-0.3.2/include'
> >> make[2]: Leaving directory `/root/libee-0.3.2/include'
> >> Making all in src
> >> make[2]: Entering directory `/root/libee-0.3.2/src'
> >> CC libee_la-ctx.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-tag.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-event.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-value.lo
> >> value.c: In function 'ee_newValue':
> >> value.c:37: warning: unused parameter 'ctx'
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-tagbucket.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-field.lo
> >> field.c: In function 'ee_getFieldValueAsStr':
> >> field.c:181: warning: 'str' may be used uninitialized in this function
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-fieldbucket.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-primitivetype.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-int_dec.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-apache_dec.lo
> >> apache_dec.c: In function 'ee_newApache':
> >> apache_dec.c:37: warning: unused parameter 'ctx'
> >> apache_dec.c: In function 'ee_apacheAddName':
> >> apache_dec.c:71: warning: unused parameter 'ctx'
> >> apache_dec.c: In function 'processLn':
> >> apache_dec.c:205: warning: unused variable 'value'
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-syslog_enc.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-json_enc.lo
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-csv_enc.lo
> >> csv_enc.c: In function 'ee_AddName':
> >> csv_enc.c:66: warning: unused parameter 'ctx'
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CC libee_la-xml_enc.lo
> >> xml_enc.c: In function 'ee_addValue_XML':
> >> xml_enc.c:60: warning: unused variable 'j'
> >> xml_enc.c:59: warning: unused variable 'numbuf'
> >> xml_enc.c: At top level:
> >> xml_enc.c:40: warning: 'hexdigit' defined but not used
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CCLD libee.la
> >> CC convert-convert.o
> >> gcc: /usr/local/include: linker input file unused because linking not
> done
> >> CCLD convert
> >> /usr/local/lib: file not recognized: Is a directory
> >> collect2: ld returned 1 exit status
> >> make[2]: *** [convert] Error 1
> >> make[2]: Leaving directory `/root/libee-0.3.2/src'
> >> make[1]: *** [all-recursive] Error 1
> >> make[1]: Leaving directory `/root/libee-0.3.2'
> >> make: *** [all] Error 2
> >> [root [at] MyServe libee-0.3.2]# echo $?
> >> 2
> >>
> >> It must be my LIBESTR_CFLAGS and LIBESTR_LIBS being wrong - do you know
> >> how to solve this ?
> >>
> >>
> >>
> >> Thanks in advance :-) !
> >> ~maymann
> >>
> >> 2012/1/16 Rainer Gerhards <rgerhards [at] hq>
> >>
> >>> > -----Original Message-----
> >>> > From: rsyslog-bounces [at] lists [mailto:rsyslog-
> >>> > bounces [at] lists] On Behalf Of Michael Maymann
> >>> > Sent: Monday, January 16, 2012 10:48 AM
> >>> > To: rsyslog-users
> >>> > Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
> >>> howto/links/examples
> >>> >
> >>> > Hi Rainer,
> >>> >
> >>> > Thanks for your reply.
> >>> > How do I install 6.3.6 on RHEL6 easiest ?
> >>>
> >>> I have no specific instructions. Just grab the sources and compile, I'd
> >>> say
> >>> ;) Note, however, that you need to install libestr and probably libee
> >>> first.
> >>>
> >>> Rainer
> >>> >
> >>> > Thanks in advance :-)!
> >>> > ~maymann
> >>> >
> >>> > 2012/1/16 Rainer Gerhards <rgerhards [at] hq>
> >>> >
> >>> > > The cache is available since 6.3.1, so you need to go for the devel
> >>> > > version.
> >>> > > A good place to check those things is the ChangeLog itself, here is
> >>> > > the current one:
> >>> > >
> >>> > >
> >>> > >
> >>> http://git.adiscon.com/?p=rsyslog.git;a=blob;f=ChangeLog;h=b42a8004ed8
> >>> > > 575d085
> >>> > > a0fcf48f71339154813971<
> >>> http://git.adiscon.com/?p=rsyslog.git;a=blob;f=
> >>> > > ChangeLog;h=b42a8004ed8575d085%0Aa0fcf48f71339154813971>
> >>> > > ;hb=HEAD
> >>> > >
> >>> > > Note that v6-devel is almost as stable as v6-stable except for the
> >>> > > config read phase at startup.
> >>> > >
> >>> > > HTH
> >>> > > Rainer
> >>> > >
> >>> > > > -----Original Message-----
> >>> > > > From: rsyslog-bounces [at] lists [mailto:rsyslog-
> >>> > > > bounces [at] lists] On Behalf Of Michael Maymann
> >>> > > > Sent: Monday, January 16, 2012 8:57 AM
> >>> > > > To: david [at] lang
> >>> > > > Cc: rsyslog-users
> >>> > > > Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
> >>> > > > howto/links/examples
> >>> > > >
> >>> > > > If I want DNS caching, should i use the new stable-6.2.0 or the
> >>> > > > older devel-6.3.6... ?
> >>> > > > Can see this feature mentioned here:
> >>> > > > http://rsyslog.com/features/
> >>> > > > or here:
> >>> > > > http://rsyslog.com/project-status/
> >>> > > >
> >>> > > >
> >>> > > > Thanks in advance :-) !
> >>> > > > ~maymann
> >>> > > >
> >>> > > > 2012/1/14 <david [at] lang>
> >>> > > >
> >>> > > > > On Sat, 14 Jan 2012, Michael Maymann wrote:
> >>> > > > >
> >>> > > > > Hi David,
> >>> > > > >>
> >>> > > > >> thanks for this...this is super info...:-) !
> >>> > > > >> If I have to create different logs per host, will this be the
> a
> >>> > > > valid
> >>> > > > >> configuration:
> >>> > > > >> $template
> >>> > DynaFile_messages,?/logfiles_**on_nfs/%HOSTNAME%/messages?
> >>> > > > >> *.* -?DynaFile_messages
> >>> > > > >> $template
> >>> > DynaFile_secure,?/logfiles_on_**nfs/%HOSTNAME%/secure?
> >>> > > > >> *.* -?DynaFile_secure
> >>> > > > >> $template
> >>> > DynaFile_auth.log,?/logfiles_**on_nfs/%HOSTNAME%/auth.log?
> >>> > > > >> *.* -?DynaFile_auth.log
> >>> > > > >>
> >>> > > > >
> >>> > > > > I believe so.
> >>> > > > >
> >>> > > > >
> >>> > > > > 1. Will rsyslog automatically create the %HOSTNAME% dir's or
> do
> >>> I
> >>> > > > have to
> >>> > > > >> create every hosts dir upfront... ?
> >>> > > > >>
> >>> > > > >
> >>> > > > > it will create it for you (make sure it's running with the
> >>> > > > appropriate
> >>> > > > > permissions, if you have rsyslog configured to drop privileges,
> >>> > > > > the
> >>> > > > lower
> >>> > > > > privileges need the ability to create the directories)
> >>> > > > >
> >>> > > > >
> >>> > > > > 2. Is DNS caching default enabled or do I have to enable this
> >>> > > > somewhere
> >>> > > > >> first...?
> >>> > > > >>
> >>> > > > >
> >>> > > > > I don't know, I haven't had a chance to look into that yet.
> >>> > > > >
> >>> > > > > David Lang
> >>> > > > >
> >>> > > > >
> >>> > > > >> Thanks in advance :-) !
> >>> > > > >> ~maymann
> >>> > > > >>
> >>> > > > >>
> >>> > > > >> 2012/1/14 <david [at] lang>
> >>> > > > >>
> >>> > > > >> http://rsyslog.com/article60/
> >>> > > > >>>
> >>> > > > >>> David Lang
> >>> > > > >>>
> >>> > > > >>> On Sat, 14 Jan 2012, Michael Maymann wrote:
> >>> > > > >>>
> >>> > > > >>> Date: Sat, 14 Jan 2012 07:23:57 +0100
> >>> > > > >>>
> >>> > > > >>>> From: Michael Maymann <michael [at] maymann>
> >>> > > > >>>> To: rsyslog-users <rsyslog [at] lists>,
> david [at] lang,
> >>> > > > >>>> Michael Maymann <michael [at] maymann>
> >>> > > > >>>>
> >>> > > > >>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
> >>> > > > >>>> howto/links/examples
> >>> > > > >>>>
> >>> > > > >>>> Hi David,
> >>> > > > >>>>
> >>> > > > >>>> thanks for you kind reply...:-) !
> >>> > > > >>>> ---
> >>> > > > >>>> This didn't seem to get through to the archives for some
> >>> > > > reason...:
> >>> > > > >>>> http://lists.adiscon.net/****pipermail/rsyslog/2012-****
> >>> > > > >>>>
> >>> > > > January/thread.html<
> >>> http://lists.adiscon.net/**pipermail/rsyslog/201
> >>> > > > 2-
> >>> > > > **January/thread.html>
> >>> > > > >>>> <http://**lists.adiscon.net/pipermail/**rsyslog/2012-
> >>> > > > January/thread.**
> >>> > > > >>>> html<http://lists.adiscon.net/pipermail/rsyslog/2012-
> >>> > > > January/thread.html>
> >>> > > > >>>> >
> >>> > > > >>>>
> >>> > > > >>>> Hope I will not dobbel-post...
> >>> > > > >>>> ---
> >>> > > > >>>> I don't use syslog-relays, so this will not cause me any
> >>> problems.
> >>> > > > >>>> Don't actually know what version we are running - can see
> this
> >>> > > > Monday
> >>> > > > >>>> morning though... Thanks for this hint... will upgrade to
> 6.2
> >>> > > > >>>> if
> >>> > > > not
> >>> > > > >>>> already then.
> >>> > > > >>>> I have to configure this into a already running live
> >>> production
> >>> > > > system -
> >>> > > > >>>> our previous syslog-admin left...:-(.
> >>> > > > >>>> Could I perhaps ask you to be so kind as to give an
> >>> > > > >>>> configuration example of how this is done, if I ask really
> >>> > > > >>>> nicely... :-) ?
> >>> > > > >>>>
> >>> > > > >>>> Thanks in advance :-) !
> >>> > > > >>>> ~maymann
> >>> > > > >>>>
> >>> > > > >>>> 2012/1/13 <david [at] lang>
> >>> > > > >>>>
> >>> > > > >>>> you need to be aware that doing the DNS queries is rather
> >>> > > > expensive
> >>> > > > >>>>
> >>> > > > >>>>> (although I think I saw a comment that in the very latest
> 6.2
> >>> > > > version
> >>> > > > >>>>> there
> >>> > > > >>>>> may now be a DNS cache that will drastically help)
> >>> > > > >>>>>
> >>> > > > >>>>> you would need to create a template with FROMHOST in it and
> >>> > > > >>>>> use
> >>> > > > that as
> >>> > > > >>>>> the filename to write to (look for dynafile in the
> >>> > > > >>>>> documentation)
> >>> > > > >>>>>
> >>> > > > >>>>> note that if you are relaying logs from one machine to
> >>> > > > >>>>> another,
> >>> > > > only
> >>> > > > >>>>> the
> >>> > > > >>>>> first machine will see the true source in FROMHOST,
> machines
> >>> > > > after that
> >>> > > > >>>>> will only see the relay box.
> >>> > > > >>>>>
> >>> > > > >>>>> let me know if this doesn't give you enough clues to learn
> >>> how
> >>> > > > >>>>> to
> >>> > > > do
> >>> > > > >>>>> this.
> >>> > > > >>>>>
> >>> > > > >>>>> David Lang
> >>> > > > >>>>>
> >>> > > > >>>>> On Fri, 13 Jan 2012, Michael Maymann wrote:
> >>> > > > >>>>>
> >>> > > > >>>>> Date: Fri, 13 Jan 2012 14:43:06 +0100
> >>> > > > >>>>>
> >>> > > > >>>>> From: Michael Maymann <michael [at] maymann>
> >>> > > > >>>>>> Reply-To: rsyslog-users <rsyslog [at] lists>
> >>> > > > >>>>>> To: rsyslog [at] lists
> >>> > > > >>>>>> Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir
> >>> > > > >>>>>> howto/links/examples
> >>> > > > >>>>>>
> >>> > > > >>>>>>
> >>> > > > >>>>>> Furthermore: would it be possible to validate FQDN from
> DNS
> >>> > > > >>>>>> and
> >>> > > > not
> >>> > > > >>>>>> from
> >>> > > > >>>>>> syslog-info hostname.
> >>> > > > >>>>>> We are getting a lot of weird logfiles as some
> applications
> >>> > > > >>>>>> are
> >>> > > > not
> >>> > > > >>>>>> including the hostname as the first parameter in the
> syslog-
> >>> > > > entries,
> >>> > > > >>>>>> e.g.:
> >>> > > > >>>>>> Dec 16 11:47:40 x002 |grep FAILED#012#01212/16/11 09:47:10
> >>> > > > >>>>>> [issue_cmd ] STATUS: 1#012#01212/16/11 09:47:10
> >>> > > > >>>>>> [issue_cmd ] RESULT:#012#01212/16/11 09:47:10
> >>> > > > >>>>>> [issue_cmd ] #012#01212/16/11 09:47:10
> >>> > > > >>>>>> [set_host_compat_list]
> >>> > > > >>>>>> #012#01212/16/11 09:47:10 [issue_cli_cmd ] command
> is
> >>> > > > >>>>>> '/opt/vmware/aam/bin/ftcli -domain vmware -cmd
> >>> > "SetUserData
> >>> > > > >>>>>> HostCompatList text
> >>> > > > >>>>>> /tmp/hostCompatList"'#012#******01212/16/11 09:47:40
> >>> > > > >>>>>>
> >>> > > > >>>>>>
> >>> > > > >>>>>>
> >>> > > > >>>>>> Would be nice to validate FQDN from sender DNS query...
> >>> > > > >>>>>>
> >>> > > > >>>>>> Thanks in advance :-) !
> >>> > > > >>>>>> ~maymann
> >>> > > > >>>>>>
> >>> > > > >>>>>>
> >>> > > > >>>>>> 2012/1/13 Michael Maymann <michael [at] maymann>
> >>> > > > >>>>>>
> >>> > > > >>>>>> Hi List,
> >>> > > > >>>>>>
> >>> > > > >>>>>>
> >>> > > > >>>>>>> I'm new to rsyslog/syslog in general.
> >>> > > > >>>>>>>
> >>> > > > >>>>>>> I would like to syslog from all my 100+ network devices.
> >>> > > > >>>>>>> Preferably I would like a FQDN.log file for each host
> (or a
> >>> > > > FQDN-dir
> >>> > > > >>>>>>> containing logs from this host if more logfiles per host
> >>> are
> >>> > > > best
> >>> > > > >>>>>>> practice)...
> >>> > > > >>>>>>>
> >>> > > > >>>>>>> Can anyone give me an example of (or link to) best
> practice
> >>> > > > >>>>>>> of
> >>> > > > this
> >>> > > > >>>>>>> kind
> >>> > > > >>>>>>> of setup.
> >>> > > > >>>>>>>
> >>> > > > >>>>>>>
> >>> > > > >>>>>>> Thanks in advance :-) !
> >>> > > > >>>>>>>
> >>> > > > >>>>>>> ~maymann
> >>> > > > >>>>>>>
> >>> > > > >>>>>>>
> >>> > ______________________________******_________________
> >>> > > > >>>>>>>
> >>> > > > >>>>>>> rsyslog mailing list
> >>> > > > >>>>>>
> >>> > > > http://lists.adiscon.net/******mailman/listinfo/rsyslog<
> >>> http://lists
> >>> > > > .ad iscon.net/****mailman/listinfo/rsyslog>
> >>> > > > >>>>>>
> >>> > > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<
> >>> http://list
> >>> > > > s.a discon.net/**mailman/listinfo/rsyslog>
> >>> > > > >>>>>> >
> >>> > > > >>>>>>
> >>> > > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<
> >>> http://list
> >>> > > > s.a discon.net/mailman/**listinfo/rsyslog>
> >>> > > > >>>>>>
> >>> > > > <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<
> >>> http://lists.
> >>> > > > adi
> >>> > > > scon.net/mailman/listinfo/rsyslog>
> >>> > > > >>>>>> >
> >>> > > > >>>>>>
> >>> > > > >>>>>>>
> >>> > > > >>>>>>> http://www.rsyslog.com/******professional-
> >>> > > > services/<http://www.rsyslog.com/****professional-services/>
> >>> > > > >>>>>> <http://**www.rsyslog.com/****professional-
> >>> > > > services/<http://www.rsyslog.com/**professional-services/>
> >>> > > > >>>>>> >
> >>> > > > >>>>>> <http://**www.rsyslog.com/**professional-
> >>> > > > **services/<http://www.rsyslog.com/professional-**services/>
> >>> > > > >>>>>> <http:**//www.rsyslog.com/**professional-
> >>> > > > services/<http://www.rsyslog.com/professional-services/>
> >>> > > > >>>>>> >
> >>> > > > >>>>>>
> >>> > > > >>>>>>>
> >>> > > > >>>>>>>
> >>> > > > >>>>>>
> >>> > ______________________________******_________________
> >>> > > > >>>>>>
> >>> > > > >>>>>> rsyslog mailing list
> >>> > > > >>>>>
> >>> > > > http://lists.adiscon.net/******mailman/listinfo/rsyslog<
> >>> http://lists
> >>> > > > .ad iscon.net/****mailman/listinfo/rsyslog>
> >>> > > > >>>>>
> >>> > > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<
> >>> http://list
> >>> > > > s.a discon.net/**mailman/listinfo/rsyslog>
> >>> > > > >>>>> >
> >>> > > > >>>>>
> >>> > > > <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<
> >>> http://list
> >>> > > > s.a discon.net/mailman/**listinfo/rsyslog>
> >>> > > > >>>>>
> >>> > > > <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<
> >>> http://lists.
> >>> > > > adi
> >>> > > > scon.net/mailman/listinfo/rsyslog>
> >>> > > > >>>>> >
> >>> > > > >>>>>
> >>> > > > >>>>>>
> >>> > > > >>>>>> http://www.rsyslog.com/******professional-
> >>> > > > services/<http://www.rsyslog.com/****professional-services/>
> >>> > > > >>>>> <http://**www.rsyslog.com/****professional-
> >>> > > > services/<http://www.rsyslog.com/**professional-services/>
> >>> > > > >>>>> >
> >>> > > > >>>>> <http://**www.rsyslog.com/**professional-
> >>> > > > **services/<http://www.rsyslog.com/professional-**services/>
> >>> > > > >>>>> <http:**//www.rsyslog.com/**professional-
> >>> > > > services/<http://www.rsyslog.com/professional-services/>
> >>> > > > >>>>> >
> >>> > > > >>>>>
> >>> > > > >>>>>>
> >>> > > > >>>>>>
> >>> > > > >>>>>
> >>> > > > >>>>>
> >>> > > > >>>>
> >>> > > > >>
> >>> > > > _______________________________________________
> >>> > > > rsyslog mailing list
> >>> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> > > > http://www.rsyslog.com/professional-services/
> >>> > > _______________________________________________
> >>> > > rsyslog mailing list
> >>> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> > > http://www.rsyslog.com/professional-services/
> >>> > >
> >>> > _______________________________________________
> >>> > rsyslog mailing list
> >>> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> > http://www.rsyslog.com/professional-services/
> >>> _______________________________________________
> >>> rsyslog mailing list
> >>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> http://www.rsyslog.com/professional-services/
> >>>
> >>
> >>
> >
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
|
1
