Hi Marcos,<div>Are you saying that the recieving server is not keeping the original hostname?</div><div>If so, just use keep_hostname(yes); in your global options.</div><div><br></div><div><br></div><div>Here are my settings:</div>
<div><div>options {</div><div> long_hostnames(off);</div><div> # doesn't actually help on Solaris, log(3) truncates at 1024 chars</div><div> log_msg_size(8192);</div><div> # buffer just a little for performance</div>
<div> flush_lines(1);</div><div> # memory is cheap, buffer messages unable to write (like to loghost)</div><div> log_fifo_size(16384);</div><div> # The time to wait before a dead connection is reestablished (seconds)</div>
<div> time_reopen(10);</div><div> #Use DNS so that our good names are used, not hostnames</div><div> use_dns(yes);</div><div> dns_cache(yes);</div><div> #Use the whole DNS name</div><div> use_fqdn(yes);</div>
<div> keep_hostname(yes);</div><div> chain_hostnames(no);</div><div> #Read permission for everyone</div><div> perm(0644);</div><div>};</div><div><br></div></div><div><br></div><div><br></div><div><br clear="all">
______________________________________________________________ <br><br>Clayton Dukes<br>______________________________________________________________<br>
<br><br><div class="gmail_quote">On Wed, Aug 3, 2011 at 6:20 AM, Marcos Tang <span dir="ltr"><<a href="mailto:marcostang2002@yahoo.com">marcostang2002@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div style="color:#000;background-color:#fff;font-family:verdana, helvetica, sans-serif;font-size:12pt"><div><span>Hi,</span></div><div><span><br></span></div><div><span>I have a problem to manage the Syslog-NG messages sending from different Syslog-NG clients at different remote sites.</span></div>
<div><span><br></span></div><div>For example, I have 10 sites (site1, site2, site3 to site 10) running Syslog-NG clients. Each site has one Syslog-NG server and all the Syslog messages will be forwarded to the centralized Syslog-NG server and insert into the MySQL database at the headquarter finally.</div>
<div><br></div><div>Now, I can see all the Syslog messages at the headquarter MySQL database; but it is hard for me to manage them.</div><div><br></div><div>For example, if I know the hostname of a particular host, I can query the MySQL database to search for the Syslog related to that host. However, if I want to know the Syslog messages
coming from a particular site such as "site1", how can I do that? There is no "site1" information inside the Syslog messages.</div><div><br></div><div>I am thinking if I can modify the Syslog-NG configuration file such that I can add some information such as "site1" and make it as part of the Syslog messages, I can query the MySQL database for "site1" pattern. But I am not sure if I can do that or not.</div>
<div><br></div><div>If you have any suggestions/ideas, please let me know that.</div><div> </div><div>Regards,<br><font color="#888888">Marcos</font></div></div></div><br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>