LinuxQuestions.org - rsyslog configuration in a specific scenario

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - rsyslog configuration in a specific scenario (https://www.linuxquestions.org/questions/linux-server-73/rsyslog-configuration-in-a-specific-scenario-4175577801/)

rsyslog configuration in a specific scenario

Hi all,

I have a bunch of rsyslog messages that I need to add the %fromhost-ip% tag because the client doesn't send it's IP address on the message body.

The configuration:

Code:

$template tplremote,"%timegenerated% %HOSTNAME% %fromhost-ip% %syslogtag%%msg:::drop-last-lf%\n"

$template RemoteHost,"/var/syslog/mta.%$YEAR%%$MONTH%%$DAY%.log"



if $msg contains 'USM' then ?RemoteHost;tplremote



$template DynamicFiles,"/var/syslog/mta.%$YEAR%%$MONTH%%$DAY%.log"

The thing is: These messages are forwarded to another server running Sqoop.

Code:

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

*.* @10.217.16.35:514

# ### end of the forwarding rule ###

I can get it to write to the previous log in the correct format, but I can't get this messages to the forwarder correctly formated.

Can any of the experts help out?

Many thanks

BR
AV

Quote:

Originally Posted by avjuma (Post 5533228)

I can't get this messages to the forwarder correctly formated.

rsyslog should forward the logs raw and then process them internally at the receiving rsyslog-server.

I did mine like so