Hmm. I'm not sure if we have an existing way to handle this. How does rsyslog usually allow you to separate these?
I think to handle these you need to trust the hostname the device itself sends. I don't think we currently pass that, so it might need modification of code and format.
adam.
mp--- via observium wrote on 21/01/2023 09:03:
Hi, we have recently started using the syslog part of Observium and for the most part it works well where we have multiple public IPs logs are coming from or for places where we have VPNs and can reach devices on their local IPs.
We are running into a problem, however, when we have multiple devices pushing their syslogs to us over a WAN link and they come from the same public IP. We're using the %fromhost% variable in the configuration and all logs seem to end up with the first device that we have set in /etc/hosts to match the public IP. We've tried changing the %fromhost% to %hostname% instead, thinking it would use the hostname within the log entry, but unfortunately that didn't work either.
I've had a look at the documentation on how to do manual matching but I don't think that would help here either as it's only going to match the public IP.
Has anyone come up against this before and know if there is a way to resolve it, or will I need to create VPNs to each of those sites so we can push the logs over their private IPs instead?
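The hostname field inside a syslog message is set by the sender, so a receiver that keys on it for a shared public IP should only accept names expected from behind that IP. The sketch below is an added example, not code from this thread or from Observium; it assumes RFC 3164-style headers, and every IP address, device name and function name in it is constructed for illustration.

```python
import re

# RFC 3164-style header: <PRI>Mmm dd hh:mm:ss HOSTNAME rest-of-message
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>[A-Za-z0-9._-]{1,255}) "
    r"(?P<msg>.*)$",
    re.S,
)

# Constructed sample data: devices reachable 1:1 by source IP.
DIRECT = {"198.51.100.7": "core-rtr"}

# Constructed sample data: shared (NAT) public IP -> hostnames allowed behind it.
NAT_ALLOWLIST = {"203.0.113.10": {"site-a-fw", "site-a-sw1"}}


def resolve_device(src_ip, raw):
    """Map one received syslog line to a device name.

    Returns (device, reason). device is None when the line must not be
    attributed to any device.
    """
    # A 1:1 source IP is authoritative; the in-message hostname is ignored.
    if src_ip in DIRECT:
        return DIRECT[src_ip], "source-ip"

    allowed = NAT_ALLOWLIST.get(src_ip)
    if allowed is None:
        return None, "unknown-source"

    m = RFC3164.match(raw)
    if not m:
        return None, "unparseable-header"

    # The claimed hostname only disambiguates among devices already
    # expected behind this public IP; anything else is rejected.
    claimed = m.group("host").lower()
    if claimed not in allowed:
        return None, "hostname-not-allowed"
    return claimed, "claimed-hostname"


if __name__ == "__main__":
    # Constructed sample lines.
    print(resolve_device("203.0.113.10", "<134>Jan 21 09:03:11 site-a-fw sshd[411]: Accepted"))
    print(resolve_device("203.0.113.10", "<134>Jan 21 09:03:12 core-rtr sshd[411]: Accepted"))
```

Lines rejected with `hostname-not-allowed` are worth logging on the collector, since they indicate either a device missing from the allowlist or a sender claiming another device's name.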