<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#0050d0">
Sent: Mon Aug 29 2011 19:36:28 GMT-0600 (MST)<br>
From: Matt Zagrabelny <a class="moz-txt-link-rfc2396E" href="mailto:mzagrabe@d.umn.edu"><mzagrabe@d.umn.edu></a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:syslogng@feystorm.net">syslogng@feystorm.net</a> "Syslog-ng users' and developers' mailing
list" <a class="moz-txt-link-rfc2396E" href="mailto:syslog-ng@lists.balabit.hu"><syslog-ng@lists.balabit.hu></a><br>
Subject: Re: [syslog-ng] malformed syslog packets?<br>
<blockquote
cite="mid:CAOLfK3UmbdRO7UCg2Qx-PdT+6i_XfA2uFBOamkn+7K0WcDwjSg@mail.gmail.com"
type="cite">
<blockquote type="cite">
<pre wrap="">
That would be the issue. You want $HOST_FROM
</pre>
</blockquote>
<pre wrap="">
Super! I have tweaked the configs.
</pre>
<blockquote type="cite">
<pre wrap="">From the user guide:
HOST
Description: The name of the source host where the message originates from.
If the message traverses several hosts and the chain_hostnames() option is
on, the first host in the chain is used. To use this macro, make sure that
the keep_hostname() option is enabled.
</pre>
</blockquote>
<pre wrap="">
Okay. However there is only one host in the chain:
APC UPS (udp 514)-> syslog_server
doesn't syslog-ng do (reverse) name lookups when using the HOST macro?
</pre>
</blockquote>
It uses the host name as provided by the remote server. So the APC
is using its IP as the hostname, while all your other hosts were
using an actual hostname as the hostname.<br>
<br>
</body>
</html>