Why does the rsyslog daemon create a new directory in /var/rsyslog when the "%fromhost%" parameter is used in the "$template" option in the rsyslog configuration and DNS becomes unavailable?


Issue

  • When the %fromhost% parameter is used in the $template option in the rsyslog configuration on RHEL6 to gather logging data from remote servers, and DNS is available, the rsyslog daemon creates a directory in /var/rsyslog named after the hostname (which is desirable for us) and logs the data to this directory.

For example:

    $template httpd_error,"/var/rsyslog/%fromhost%/httpd/error_log"
    local4.* ?httpd_error

  • But when DNS is unavailable and the TTL for the remote host has expired, the rsyslog daemon creates a second directory in /var/rsyslog named after the IP address of the remote host and logs the data to this directory. Thus syslog data from one host is now captured in two different directories.
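
To check whether a collector has already split a host's logs this way, the following added example (not part of the original article) lists the per-host directories under a log root whose names are IPv4 addresses rather than hostnames. The function names are hypothetical, and it assumes one directory level per sender and IPv4 senders, as in the /var/rsyslog/%fromhost%/ template above.

```shell
#!/bin/sh
# Added example: find per-host log directories that are named by IPv4 address.
# With a template such as /var/rsyslog/%fromhost%/..., an IP-named directory
# holds messages that arrived while the sender could not be resolved.

# is_ipv4 NAME: succeed if NAME is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the name on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# find_ip_named_dirs ROOT: print each immediate subdirectory of ROOT whose
# name is an IPv4 address, one per line. Regular files are ignored.
find_ip_named_dirs() {
    root=$1
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        name=$(basename "$dir")
        if is_ipv4 "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Stand-alone use: pass the log root as the first argument,
# for example /var/rsyslog.
if [ "$#" -gt 0 ]; then
    find_ip_named_dirs "$1"
fi
```

Each address it prints is a directory to reconcile with the matching hostname directory before searching or archiving that host's logs.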

Environment

  • Red Hat Enterprise Linux 6
  • rsyslog version 5.8.10
