[syslog-ng] sorting messages with no HOSTNAME in HEADER

Lars Erik Gullerud syslog-ng@lists.balabit.hu
07 Mar 2003 19:57:41 +0100


Is there any way to make syslog-ng understand that messages it receives
from my external hosts will _never_ have a HOSTNAME portion in their
HEADER, as according to the terms used in RFC3164?

I.e. my syslog-packets, regardless of the type of equipment generating
them, always contain just a PRI, a TIMESTAMP and then the MSG. No
HOSTNAME and no TAG.

syslog-ng seems to always want to parse the first word of the received
MSG as a hostname (although it is always in the format
%SOMESYSLOGMESSAGE with a leading %, for all the hardware platforms I am
trying to log), so keep_hostnames(yes) will sort based on this as the
hostname, while keep_hostnames(no) will correctly sort, but replace the
actual message I want to keep with a hostname.

Now, I _know_ my packets will never have a HOSTNAME portion, so I always
want syslog-ng to add that, but I do NOT want it to fiddle around with
what it wrongly perceives to be a HOSTNAME in the received message. I.e.
I want the hostname _added_, not rewritten.

Is there any way I get syslog-ng to understand this? My normal
FreeBSD-syslogd handles this problem beautifully by default, but it's a
pain to have to run cron-jobs periodically to sort the logs into
per-host logfiles. Surely it's just me who is being stupid here, this
must be possible with syslog-ng?

/leg
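
The parsing ambiguity described in this message, as an added example that is not part of the original post and not syslog-ng's code: a small Python parser that either takes the first word after the TIMESTAMP as HOSTNAME, or keeps the whole remainder as MSG and adds the sender address as the host. The sample datagram, the peer address 192.0.2.10 and the /var/log/hosts base path are constructed assumptions.

```python
import re

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME TAG: CONTENT
# TIMESTAMP is "Mmm dd hh:mm:ss" with a space-padded day of month.
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)


def parse_rfc3164(datagram, peer_addr, expect_hostname):
    """Split one datagram into PRI, TIMESTAMP, host and MSG.
    expect_hostname=True reads the first word after TIMESTAMP as HOSTNAME;
    expect_hostname=False keeps it in MSG and uses the sender address."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = _HEADER.match(text)
    if m is None:
        # No valid PRI/TIMESTAMP: keep the payload whole, attribute it to the peer.
        return {"pri": None, "timestamp": None, "host": peer_addr, "msg": text}
    pri = int(m.group("pri"))
    rest = m.group("rest")
    if expect_hostname and " " in rest:
        # The behaviour the post complains about: "%LINK-3-UPDOWN:" becomes the host.
        host, msg = rest.split(" ", 1)
    else:
        # Hostname is added from the transport layer, MSG is left untouched.
        host, msg = peer_addr, rest
    return {"pri": pri, "facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group("ts"), "host": host, "msg": msg,
    }


def per_host_path(record, base="/var/log/hosts"):
    """Per-host log file name for a parsed record."""
    # The host field may come from the packet body, so it is untrusted input.
    safe = re.sub(r"[^A-Za-z0-9_.:-]", "_", record["host"]).lstrip(".") or "unknown"
    return f"{base}/{safe}.log"


# Constructed sample: PRI + TIMESTAMP + MSG, no HOSTNAME and no TAG.
SAMPLE = b"<189>Mar  7 19:57:41 %LINK-3-UPDOWN: Interface Serial0, changed state to down"
SAMPLE_PEER = "192.0.2.10"  # assumed sender address (documentation range)

if __name__ == "__main__":
    for flag in (True, False):
        rec = parse_rfc3164(SAMPLE, SAMPLE_PEER, flag)
        print(flag, per_host_path(rec), repr(rec["msg"]))
```

Whenever the host is taken from the packet rather than from the socket, the sender chooses the per-host file name, which is why `per_host_path` strips path separators before building it.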