I currently have an rsyslog server set up to accept logs from our internal Cisco devices. It is working well, but it seems to be doing a TON of reverse DNS lookups. It seems that the rsyslog server is using reverse DNS to find where the message is coming from rather than the hostname in the message.
Example of one of the messages:
Aug 22 11:33:58 cisco-test 17: 000014: Aug 22 11:33:57.726 est: %SYS-5-CONFIG_I: Configured from console by johnd on vty0 (x.x.x.x)
So it seems our messages are formatted correctly. Here is my rsyslog.conf file:
# cat /etc/rsyslog.conf
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
:HOSTNAME, !isequal, "rsyslogserver" ~