[syslog-ng] host name treatment

Russell Fulton r.fulton at auckland.ac.nz
Fri Aug 25 01:36:05 CEST 2006


Here are the options that we are using:

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (5000);
    long_hostnames (on);
    use_dns (yes);
    use_fqdn (yes);
    create_dirs (yes);
};

And for the most part things are working as we would expect, but a few
of our client hosts insist on putting stuff in the host field of the
syslog records and this is turning up in the HOST variable rather than
the domain name of the source system.  Originally we had keep_hostname
(yes) so this was the expected behaviour.  I have now changed the config
file and restarted syslog-ng but it is still writing the records to a
file with the hostname in the packets.

I have verified that I have edited the right file by then turning off
use_fqdn for a few seconds and seeing all the new directories turn up
in the log directory (I've lost count of the times that I have spent
hours tearing my hair out because I've edited the wrong copy of the file :)

This issue is causing real problems for us because we have some crappy
monitoring software on our Solaris boxes which generates syslog records
with "SRS" in the host field regardless of what the host name is and we
have about 10 of these machines so all the records end up in one file on
the central server and we can't tell which they are coming from.  I'd
rather not chain host names which would seem to be the other solution.

We are running syslog-ng-2.0rc1 according to the source file.


Cheers, Russell
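
Added example, not part of the original post and not syslog-ng's own code: a simplified Python model of the choice described above, filing a record under the HOST field carried in the packet versus under the name of the source address. The addresses, names and log lines are constructed, and `claimed_host`, `effective_host`, `route` and `host_mismatches` are hypothetical helpers.

```python
import re

# BSD-syslog style layout: <PRI>Mmm dd hh:mm:ss HOST MSG
BSD_LINE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

# Constructed sample data: two Solaris boxes that both write "SRS" into the
# HOST field, and one client that writes its own short name.
PTR_NAMES = {"192.0.2.11": "sol01.example.org",
             "192.0.2.12": "sol02.example.org",
             "192.0.2.20": "web01.example.org"}
PACKETS = [("192.0.2.11", "<30>Aug 25 01:36:05 SRS monitor[412]: disk check ok"),
           ("192.0.2.12", "<30>Aug 25 01:36:07 SRS monitor[398]: disk check ok"),
           ("192.0.2.20", "<38>Aug 25 01:36:09 web01 sshd[771]: session opened")]

def claimed_host(datagram):
    """HOST field exactly as the sender wrote it, or None if unparseable."""
    m = BSD_LINE.match(datagram)
    return m.group(3) if m else None

def effective_host(datagram, peer_ip, ptr_names, keep_hostname):
    """Name the record is filed under in this model.
    keep_hostname=True trusts the sender-supplied HOST field;
    keep_hostname=False ignores it and uses the source address's name."""
    claimed = claimed_host(datagram)
    if keep_hostname and claimed:
        return claimed
    return ptr_names.get(peer_ip, peer_ip)  # no PTR record: use the address

def route(packets, ptr_names, keep_hostname):
    """Group datagrams by the host name they would be filed under."""
    files = {}
    for peer_ip, datagram in packets:
        host = effective_host(datagram, peer_ip, ptr_names, keep_hostname)
        files.setdefault(host, []).append(datagram)
    return files

def host_mismatches(packets, ptr_names):
    """Source addresses whose HOST field matches neither their FQDN nor short name."""
    bad = set()
    for peer_ip, datagram in packets:
        fqdn = ptr_names.get(peer_ip, peer_ip)
        claimed = claimed_host(datagram)
        if claimed is not None and claimed not in (fqdn, fqdn.split(".")[0]):
            bad.add(peer_ip)
    return sorted(bad)

if __name__ == "__main__":
    print(sorted(route(PACKETS, PTR_NAMES, keep_hostname=True)))
    print(sorted(route(PACKETS, PTR_NAMES, keep_hostname=False)))
    print(host_mismatches(PACKETS, PTR_NAMES))
```
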


