It looks like evtsys is not including the host name. I had already tried the "options { keep_hostname(yes); };" option without any luck.<br><br>I also tried another program "ntsyslog" which gives more options (like which events to forward), but it also doesn't include the hostname.
<br><br>Do you know of any programs which may do what I need? If not, I'll create a separate thread looking for something.<br><br>thanks,<br>tom<br><br><div><span class="gmail_quote">On 9/28/06, <b class="gmail_sendername">
Nate Campi</b> <<a href="mailto:nate@campin.net">nate@campin.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Thu, Sep 28, 2006 at 01:05:39PM -0400, Tom Valdes wrote:
<br>> I have some machines behind a firewall VLAN of <a href="http://10.0.240.0">10.0.240.0</a> sending logs to a<br>> Linux Syslog server on the <a href="http://10.0.230.0">10.0.230.0</a> network.<br>> The 2 machines are
<a href="http://10.0.240.71">10.0.240.71</a> and <a href="http://10.0.240.72">10.0.240.72</a> and the Syslog server is<br>> <a href="http://10.0.230.222">10.0.230.222</a>.<br>> They are Windows and I am using the Eventlog to Syslog utility from Purdue
<br>> University (<br>> <a href="https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys">https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys</a>) to<br>> convert the Windows event logs to Syslog.
<br>><br>> Syslog is getting the information, however, any information from the 2<br>> machines are coming in as <a href="http://10.0.230.1">10.0.230.1</a>.<br>> -------<br>> Sep 28 11:37:54 <a href="http://10.0.230.1">
10.0.230.1</a> Service Control ....... <---- This machine is<br>> actually <a href="http://10.0.240.71">10.0.240.71</a><br>> -------<br>> Is there a way to get Syslog to read the correct IP information? or does
<br>> Syslog simply not pass correct host information through a router?<br><br>This evtsys might leave out the hostname information, like Linux<br>sysklogd or Solaris syslogd. This behavior is documented here:<br><br>
<a href="http://www.campin.net/syslog-ng/syslog.html">http://www.campin.net/syslog-ng/syslog.html</a><br><br>If evtsys is in fact sending the hostname, use<br><br>options { keep_hostname(yes); };<br><br>...as described for a similar problem here where the source IP for the
<br>UDP/TCP packets are different from the original syslog client source:<br><br> <a href="http://www.campin.net/syslog-ng/faq.html#stunnel">http://www.campin.net/syslog-ng/faq.html#stunnel</a><br><br>--<br>Nate<br><br>"We are discreet sheep; we wait to see how the drove is going, and then
<br>go with the drove." - Samuel Clemens<br><br>_______________________________________________<br>syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br><br></blockquote></div><br>
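The attribution problem discussed in this thread comes down to how a BSD-style (RFC 3164) syslog receiver decides which host a message belongs to: if the datagram carries a HOSTNAME field and keep_hostname(yes) is set, that field is used; otherwise the receiver falls back to the source address of the UDP packet, which behind a router or NAT is the router (10.0.230.1 above), not the Windows machine. The following Python script is an added illustration of that decision, not code from the thread, evtsys or syslog-ng; the sample datagrams, the hostname "win71" and the program tag "evtsys[1234]" are constructed, and the "token without ':' or '[' is a hostname" rule is a simplification of the receiver's real heuristics.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample datagrams modelled on the thread: the Windows host
# 10.0.240.71 sends through a router, so the UDP source address the syslog
# server observes is 10.0.230.1. Hostname "win71" and the tag are made up.
PACKET_SRC = "10.0.230.1"
MSG_NO_HOST = "<14>Sep 28 11:37:54 evtsys[1234]: Service Control Manager: started"
MSG_WITH_HOST = "<14>Sep 28 11:37:54 win71 evtsys[1234]: Service Control Manager: started"

# PRI and TIMESTAMP are mandatory in a BSD syslog header; HOSTNAME is not.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<rest>.*)$"
)
# Simplified rule: a hostname/IP token contains no ':' or '[' (those mark TAG/PID).
HOST_TOKEN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")


@dataclass
class ParsedMessage:
    facility: int
    severity: int
    timestamp: str
    hostname: Optional[str]   # None when the sender omitted the field
    message: str


def parse_bsd_syslog(raw: str) -> ParsedMessage:
    """Parse a BSD (RFC 3164 style) syslog line; the HOSTNAME field is optional."""
    m = HEADER_RE.match(raw)
    if not m:
        raise ValueError(f"not a BSD syslog message: {raw!r}")
    pri = int(m.group("pri"))
    rest = m.group("rest")
    first, _, tail = rest.partition(" ")
    if HOST_TOKEN_RE.match(first) and tail:
        hostname, message = first, tail
    else:
        hostname, message = None, rest
    return ParsedMessage(pri >> 3, pri & 7, m.group("ts"), hostname, message)


def resolve_host(parsed: ParsedMessage, packet_src: str, keep_hostname: bool) -> str:
    """Mirror the keep_hostname() decision: the in-message HOSTNAME is used only
    when the option is on and the sender actually supplied one; otherwise the
    packet source address is used, which is the mis-attribution seen in the thread."""
    if keep_hostname and parsed.hostname:
        return parsed.hostname
    return packet_src


def attribute(raw: str, packet_src: str, keep_hostname: bool) -> str:
    """Render the line the way the server's log file shows it."""
    p = parse_bsd_syslog(raw)
    return f"{p.timestamp} {resolve_host(p, packet_src, keep_hostname)} {p.message}"


if __name__ == "__main__":
    for keep in (False, True):
        for raw in (MSG_NO_HOST, MSG_WITH_HOST):
            label = "yes" if keep else "no"
            print(f"keep_hostname({label}): {attribute(raw, PACKET_SRC, keep)}")
```

Running it shows that keep_hostname(yes) only helps when the sender puts a hostname on the wire; a message without one is attributed to the router address no matter how the receiver is configured, so the fix has to be on the sending side (a forwarder that emits the HOSTNAME field) or in the network path (no address translation between client and server).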