luke.marrott at gmail
Apr 13, 2012, 8:13 AM
Incorrect hostname from %hostname%
I am using a combination of rsyslogd and Splunk for syslog in order to
please different requirements within my organization and have run into a
The hostnames of some devices are not being recorded correctly.
I've tried both of the following:
And either way I end up with a directory and file named either "Apr" or
"2012" on a few devices.
If I do a tcpdump I can verify that the source information is coming into
Then I tried to do a forward to forward the logs to localhost:10514 just so
I could test if Splunk would get the hostname from a forwarded message.
No luck. However if I turn rsyslogd off and turn Splunk to listen directly
to port 514 it works fine.
So somehow rsyslogd is not getting the hostname correctly.
I am running a bit older version:
rsyslogd 4.6.2, compiled with:
FEATURE_NETZIP (message compression): Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
rsyslog mailing list