I am running ddwrt v24-sp2 on three WRT54GL routers. These routers all send their syslog information to the same remote server using syslogd.
The problem is that in the logs the hostname will change between the LAN IP and 127.0.0.1.
This makes it hard to tell which device is doing what when I have several events listed as localhost and makes it impossible to script events to happen when certain syslog messages are received.
Does anyone know of any way I can differentiate which message comes from which host? Is there some option I did not see to force a tag or extra information into the message? Can I force the host to send its hostname with each message?
Here is an example of the syslog output:
06-28-2010 11:43:57 User.Info 10.255.255.2 Jun 28 17:43:58 : >Connecting to *.*.*.*
06-28-2010 11:43:54 User.Info 127.0.0.1 Jun 28 17:43:54 : >Connecting to *.*.*.*
06-28-2010 11:43:52 Daemon.Info 10.255.255.1 Jun 28 17:43:53 >chillispot[428]: chilli.c: 1088: Rereading configuration file and doing DNS lookup
06-28-2010 11:43:51 Daemon.Info 127.0.0.1 Jun 28 17:43:52 >chillispot[623]: chilli.c: 1088: Rereading configuration file and doing DNS lookup
06-28-2010 11:43:51 Daemon.Info 10.255.255.3 Jun 28 17:43:51 >chillispot[4185]: chilli.c: 1088: Rereading configuration file and doing DNS lookup
Thanks
Chris
Try using syslog-ng. I ran into a number of problems with syslogd on openwrt. I suspect you are running into similar problems. See my documentation on using syslog-ng with openwrt. My logging server is Ubuntu running rsyslogd.
Alternatively, you should be able to do the required changes on the logging server using syslog-ng to rewrite the log message based on the sending server.
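The idea of rewriting on the logging server based on the sending server, as an added example that is not part of the original thread and is not syslog-ng: a small Python receiver that takes the host from the UDP source address and keeps the name claimed in the payload only for comparison. The inventory names (wrt-1 to wrt-3), port 5514 and the sample datagrams are constructed, and it assumes the collector sees each router's LAN address as the packet source.

```python
import re
import socket

# Constructed inventory (assumption): UDP source address -> device name.
INVENTORY = {"10.255.255.1": "wrt-1", "10.255.255.2": "wrt-2",
             "10.255.255.3": "wrt-3"}

# BSD syslog (RFC 3164) framing: <PRI>Mmm dd hh:mm:ss [HOSTNAME] MSG
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (.*)$",
                    re.S)
HOSTISH = re.compile(r"[A-Za-z0-9._-]+")  # a TAG would carry ':' or '[pid]'

def attribute(datagram, peer_ip, inventory=INVENTORY):
    """Build a record whose host comes from the packet source, not the payload."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = HEADER.match(text)
    pri = ts = claimed = None
    msg = text
    if m and int(m[1]) <= 191:            # 191 = highest valid PRI (23*8 + 7)
        pri, ts, msg = int(m[1]), m[2], m[3]
        first, _, tail = msg.partition(" ")
        if tail and HOSTISH.fullmatch(first):
            claimed, msg = first, tail    # sender-supplied name: record, don't trust
    host = inventory.get(peer_ip)
    return {
        "host": host or "unknown(%s)" % peer_ip,
        "peer": peer_ip,
        "claimed_host": claimed,
        # True when the payload names a host other than the one that sent it
        "mismatch": claimed not in (None, peer_ip, host),
        "facility": None if pri is None else pri >> 3,
        "severity": None if pri is None else pri & 7,
        "timestamp": ts,
        "message": msg,
    }

def serve(bind="0.0.0.0", port=5514):
    """Receive datagrams and print one attributed record per message."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind, port))
        while True:
            data, (peer, _) = s.recvfrom(8192)
            print(attribute(data, peer))

if __name__ == "__main__":
    # Constructed datagrams modelled on the log lines in the question.
    print(attribute(b"<14>Jun 28 17:43:54 127.0.0.1 : Connecting to *.*.*.*",
                    "10.255.255.2"))
    print(attribute(b"<30>Jun 28 17:43:53 chillispot[428]: chilli.c: 1088: "
                    b"Rereading configuration file and doing DNS lookup",
                    "10.255.255.1"))
```

UDP source addresses can be forged by anything on the same network, so this gives attribution for scripting and triage, not authentication of the sender. A message with neither hostname nor tag will have its first word read as the claimed host, which is an ambiguity of the RFC 3164 framing itself.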
This is a known problem with syslogd. Hostnames are not preserved across hosts.
http://novosial.org/logging/syslogd-problems/
As suggested, try using syslog-ng.
Piping the syslog message to netcat will add the hostname.
A simple way is to pipe messages using netcat (nc) in the syslog.conf file as follows:
*.* "TAB" | nc RemoteLogServer -u 514 -w 1
A TAB character must be inserted before the pipe symbol.