• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

rsyslog missconfiguration


Space invader

Just for information, the /etc/rsyslog.d/zzz_alienvault_template.conf rsyslog configuration is causing issue.

Juste have a look at this:

# template definition
$template DYNlog,"/var/log/alienvault/devices/%fromhost-ip%/%fromhost-ip%.log"

# binding 
if \
        $fromhost-ip != '' \
then    ?DYNlog

What about if the field fromhost-ip is not well decoded by rsyslog ? example : json log, WELF log ? 
Logs are strored into "/var/log/alienvault/devices/%fromhost-ip%/%fromhost-ip%.log" 

=> After variables expansion  

I very big hidden file into /var/log/alienvault/devices.


Share post:


Sign In or Register to comment.