Netgate Discussion Forum

    Another remote syslog question (missing hostname)

      blacklocist

      Hi All,

      I have been working on using remote syslog with a system at a remote site. I don't want to deploy a syslog server locally (LAN), so I was hoping to ship the data over WAN to an rsyslog server.

      Anyway, looking at the logs, it looks like I am not getting the hostname of the pfSense but rather the IP address. Upon reading some rsyslog documentation and printing raw messages, it is not included (that I can tell).

      I found this post which I think points the finger at rsyslog.
      http://forum.pfsense.org/index.php?topic=14687.0

      I guess my question is whether this really is a problem with rsyslog, or with pfSense not sending hostnames?

      ###############################
      For those that care, I am using a test template to test incoming messages.

      $template testFormat," %HOSTNAME%-%FROMHOST%-%FROMHOST-IP%-%rawmsg%\n"
      and getting output
      72.172.219.179-72.172.219.179-72.172.219.179-<38>Apr 22 13:57:24 sshd[42757]: Accepted publickey for user from 118.82.129.111 port 48518 ssh2
      and expecting
      hostname -hostname-72.172.219.179-<38>Apr 22 13:57:24 sshd[42757]: Accepted publickey for user from 118.82.129.111 port 48518 ssh2

        blacklocist

        I just found a better way to see the incoming messages.

        In rsyslog.conf use template RSYSLOG_DebugFormat
        *.* /var/log/debuglog;RSYSLOG_DebugFormat

        Debug line with all properties:
        FROMHOST: '72.172.219.179', fromhost-ip: '72.172.219.179', HOSTNAME: '72.172.219.179', PRI: 38,
        syslogtag 'sshd[463]:', programname: 'sshd', APP-NAME: 'sshd', PROCID: '463', MSGID: '-',
        TIMESTAMP: 'Apr 22 14:05:14', STRUCTURED-DATA: '-',
        msg: ' Exiting on signal 15'
        escaped msg: ' Exiting on signal 15'
        rawmsg: '<38>Apr 22 14:05:14 sshd[463]: Exiting on signal 15'

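The rawmsg in the debug output above follows the BSD syslog (RFC 3164) layout `<PRI>TIMESTAMP HOSTNAME TAG: MSG`, but the token right after the timestamp is already the tag, so no hostname is on the wire. The following Python parser is an added example, not part of the original posts and not rsyslog's own parsing code; it detects that case and falls back to the sender address, and the function name `parse_bsd_syslog` and the `fw-remote` sample line are assumptions made for illustration.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.S,
)
# A tag is a program name, an optional [pid], then a colon.
TAG = re.compile(r"^(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:")

def parse_bsd_syslog(raw, sender_ip):
    """Split a BSD-style syslog line; report whether it carries a hostname."""
    m = HEADER.match(raw)
    if not m:
        raise ValueError("not an RFC 3164 style message")
    pri = int(m.group("pri"))
    rest = m.group("rest")
    first, _, remainder = rest.partition(" ")
    # Simplified heuristic: if the first token after the timestamp already
    # looks like "prog[pid]:", the sender omitted HOSTNAME. (A bare IPv6
    # address in the hostname slot would fool this check.)
    if TAG.match(first):
        hostname, in_message, tag_src = sender_ip, False, rest
    else:
        hostname, in_message, tag_src = first, True, remainder
    t = TAG.match(tag_src)
    return {
        "facility": pri >> 3,          # 38 >> 3 == 4 (auth)
        "severity": pri & 7,           # 38 & 7 == 6 (info)
        "timestamp": m.group("ts"),
        "hostname": hostname,
        "hostname_in_message": in_message,
        "program": t.group("prog") if t else None,
        "pid": t.group("pid") if t else None,
        "msg": tag_src[t.end():] if t else tag_src,
    }

# rawmsg and sender address exactly as shown in the debug output above.
PAGE_RAWMSG = "<38>Apr 22 14:05:14 sshd[463]: Exiting on signal 15"
PAGE_SENDER = "72.172.219.179"
# Constructed sample: the same line with a hostname field present.
WITH_HOSTNAME = "<38>Apr 22 14:05:14 fw-remote sshd[463]: Exiting on signal 15"

if __name__ == "__main__":
    for line in (PAGE_RAWMSG, WITH_HOSTNAME):
        print(parse_bsd_syslog(line, PAGE_SENDER))
```

For the page's rawmsg the parser reports `hostname_in_message` as false and substitutes the sender IP, which matches the `HOSTNAME: '72.172.219.179'` property in the debug line.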
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.