MonitorWare Knowledge Base

I've got rsyslog and phplogcon all up and running but having one small problem.

When logging from my Mikrotik devices, the FROMHOST in syslog messages shows up as "firewall,info" (i'm logging my firewall rules at info severity from my Mikrotik devices).

I need rsyslog to show the IP address and/or hostname. I could even attach a prefix from my mikrotik if rsyslog will show that instead of "firewall/info".

Any help, much appreciated.

Thanks,

Matt

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

Hi Matt,

it looks like the Mikrotik sends invalidly formatted syslog messages. In any case, the "fromhost" property has the name (or IP if it is not reverse-resolvable) address if the network sender. That should help you. Full list of properties is here:

http://www.rsyslog.com/doc-property_replacer.html

HTH
Rainer

rgerhards wrote:Hi Matt,

it looks like the Mikrotik sends invalidly formatted syslog messages. In any case, the "fromhost" property has the name (or IP if it is not reverse-resolvable) address if the network sender. That should help you. Full list of properties is here:

http://www.rsyslog.com/doc-property_replacer.html

HTH
Rainer

But how can I do that? And I need to do it for JUST mikrotik devices....

Well, you need to filter out the microtik devices(e.g. via their IP address) and write them to the database via a custom template.

Did you ever find a solution to this?

I'm having the same issue, unfortunatelly...