<div dir="ltr"><div dir="ltr"><span style="color:rgb(0,0,0);font-family:SourceSansLocal,source-sans-pro,"Source Sans Pro",-apple-system,Roboto,"pt sans",calibri,sans-serif;background-color:rgb(253,253,253)">Hi, </span><div><span style="color:rgb(0,0,0);font-family:SourceSansLocal,source-sans-pro,"Source Sans Pro",-apple-system,Roboto,"pt sans",calibri,sans-serif;font-size:16px;background-color:rgb(253,253,253)"><br></span></div><div><span style="font-family:SourceSansLocal,source-sans-pro,"Source Sans Pro",-apple-system,Roboto,"pt sans",calibri,sans-serif;background-color:rgb(255,255,255)"><font color="#000000">I was wondering what would happen when the log received hostname matches the bad-hostname and check-hostname options. Its not written in the documentation clearly.</font></span></div><div><span style="font-family:SourceSansLocal,source-sans-pro,"Source Sans Pro",-apple-system,Roboto,"pt sans",calibri,sans-serif;background-color:rgb(255,255,255)"><font color="#000000"><br></font></span></div><p style="font-family:SourceSansLocal,source-sans-pro,"Source Sans Pro",-apple-system,Roboto,"pt sans",calibri,sans-serif;line-height:inherit;margin:0px;padding:0px 0px 0.2em"><span style="background-color:rgb(255,255,255)"><font color="#000000">My use case was, i have syslog running on my server that is receiving logs from multiple servers. I have all of them into a central folder.</font></span></p><p style="font-family:SourceSansLocal,source-sans-pro,"Source Sans Pro",-apple-system,Roboto,"pt sans",calibri,sans-serif;line-height:inherit;margin:0px;padding:0.2em 0px"><span style="background-color:rgb(255,255,255)"><font color="#000000">A pesudo config I am using would be:<br>source s_udp { network(ip("1.1.1.1") transport("udp") port(514)); };<br>destination d_servers { file("/mnt/logs/$HOST/$YEAR-$MONTH-$DAY.log"); };<br>log { source(s_udp); destination(d_servers); };</font></span></p><div><span style="background-color:rgb(255,255,255)"><font color="#000000"><span style="font-family:SourceSansLocal,source-sans-pro,"Source Sans Pro",-apple-system,Roboto,"pt sans",calibri,sans-serif">However, with this config i received weird stuff in the /mnt/logs folder.</span> </font></span><br></div><div><span style="background-color:rgb(255,255,255)"><font color="#000000"><br></font></span></div><div><div><img src="cid:ii_jvegg6e10" alt="image.png" width="101" height="79"><br></div></div><div><br></div><div>I was thinking if using both check-hostname and bad-hostname would help reduce such stuffs.<br></div><div><br></div><div>Yours Sincerely, </div><div>Delon</div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 6 May 2019 at 16:25, Delon Lee Di Lun <<a href="mailto:lee.delon2005@gmail.com">lee.delon2005@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi, you referring to bad_hostname or check_hostname? </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 6 May 2019 at 15:45, Scheidler, Balázs <<a href="mailto:balazs.scheidler@oneidentity.com" target="_blank">balazs.scheidler@oneidentity.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">If those options match in the hostname field, syslog-ng will assume it didn't get a hostname, and shifts that value to the start of the message field, so they will be parsed into PROGRAM.<div dir="auto"><br></div><div dir="auto">alternatively you can use the no-parse flag, fix the value and apply a syslog-parser() later.</div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, May 6, 2019, 03:21 Delon Lee Di Lun <<a href="mailto:lee.delon2005@gmail.com" target="_blank">lee.delon2005@gmail.com</a> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi, <div><br></div><div>Anybody used the syslog-ng options bad_hostname & check_hostname? <br><br></div><div>How does that works? </div><div><br></div><div>I have syslog-ng listening on UDP, and found that there are some gibberish logs in the folder. Was thinking if using the above two options would help reduce the gibberish. </div><div><br></div><div>Yours Sincerely, </div><div>Delon</div></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>
</blockquote></div>