MonitorWare Knowledge Base

[techno_anil]

Hi Team,

I have been using rsyslog for last 5-6 months and it is working fine for me. I have configured DynFile option to get the separate log files from different devices.

Now the issue I am facing is 1 of the device is firewall which is getting logs from different devices and sending it to rsyslog, So HOSTNAME appears for those logs are HOSTNAME of firewall, not the actual hostname of device.

See the log out below.

****************************
Mar 3 16:25:21 id=firewall time="2010-03-03 04:15:10" fw="KV_KL_KEMPEN_NF50" tz=+0000 startime="2010-03-03 04:15:09" pri=5 slotlevel=2 ruleid=1 srcif="Ethernet0" srcifname="in" ipproto=tcp proto=https src=172.16.32.24 srcport=59660 srcportname=ephemeral_fw dst=10.21.153.9 dstport=443 dstportname=https sent=0 rcvd=0 duration=0.04 logtype="connection"#015

Mar 3 16:27:16 id=firewall time="2010-03-03 16:09:36" fw="KV_SGR_AGSGR_NF200" tz=+0800 startime="2010-03-03 16:09:35" pri=5 slotlevel=2 ruleid=22 srcif=Ethernet0 srcifname=out ipproto=tcp dstif=Ethernet1 dstifname=in proto=https src=10.36.92.27 srcport=2633 dst=10.224.0.31 dstport=443 dstportname=https dstname=svr_10.224.0.31 sent=526 rcvd=2782 duration=1.11 logtype="connection"#015

Mar 3 16:33:37 id=firewall time="2010-03-03 16:15:16" fw="KV_KL_MTSKL_NF200" tz=+0800 startime="2010-03-03 16:09:49" pri=5 slotlevel=2 ruleid=1 srcif="Ethernet1" srcifname="in" ipproto=tcp proto=http src=10.0.21.91 srcport=4812 dst=209.85.231.91 dstport=80 dstportname=http sent=1350 rcvd=15987 duration=324.50 logtype="connection"#015

*****************************

I want this to create a separate file for "KV_KL_KEMPEN_NF50", "KV_SGR_AGSGR_NF200" & "KV_KL_MTSKL_NF200".

So if anyone can help me on this will be really great.

Thanks,
Anil Maheshwari