There seems to be no hostname associated with file(), so it uses the first word of the message. The first word of the log message is 'DEBUG'. On the central log server I added 'DEBUG' to the filter host and it worked. Is there a way to set the hostname when the source uses file()?

-steve

----- Forwarded message from Steven Blatchford <sblatchford@gmail.com> -----

From: Steven Blatchford <sblatchford@gmail.com>
Subject: keep_hostname (yes); and source file
To: syslog-ng@lists.balabit.hu
Date: Fri, 27 May 2011 18:29:41 -0400

Hello,
I have a file, /srv/http/foo/var/log/system.log that I would like sent to our central log. This config was not working:
@version: 3.0
#
# /etc/syslog-ng.conf
#

options {
  stats_freq (0);
  flush_lines (0);
  time_reopen (10);
  log_fifo_size (1000);
  long_hostnames(off);
  use_dns (no);
  use_fqdn (no);
  create_dirs (no);
  keep_hostname (yes);
  perm(0640);
  group("log");
};
source s_foo { file("/srv/http/foo/var/log/system.log"); };
log { source(s_foo); destination(d_net); };
destination d_net { udp("host.org"); };
It does work if I comment out 'keep_hostname (yes);'. Can someone explain to me why this is?
-steve
----- End forwarded message -----
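
The symptom reported above, as a simplified model added here (not part of the original posts and not syslog-ng's own code): when a BSD-syslog (RFC 3164) line goes out with no HOST field, the receiver takes the first word of the text as the host, so a host filter only matches 'DEBUG'. The hostname web01 and the log text are constructed samples, and the model assumes the sender leaves HOST out entirely when the file() line carries none.

```python
import re

# Simplified RFC 3164 layout: <PRI>TIMESTAMP HOST MSG
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)"
)

def format_rfc3164(pri, ts, host, msg):
    """Sender side. Assumption: an empty HOST is simply omitted from the line."""
    fields = [ts] + ([host] if host else []) + [msg]
    return "<%d>%s" % (pri, " ".join(fields))

def parse_rfc3164(line):
    """Receiver side: the token after the timestamp is always taken as HOST."""
    m = RFC3164.match(line)
    if m is None:
        raise ValueError("not an RFC 3164 line: %r" % line)
    return m.group("host"), m.group("msg")

def host_filter(line, wanted_host):
    """Model of a host-based filter on the central log server."""
    return parse_rfc3164(line)[0] == wanted_host

# Constructed sample: one line read from the application log file.
TS = "May 27 18:29:41"
FILE_LINE = "DEBUG cache refreshed"

# HOST empty: nothing in the file line supplied a hostname.
WIRE_NO_HOST = format_rfc3164(13, TS, "", FILE_LINE)
# HOST filled in by the sender (web01 is a constructed name).
WIRE_WITH_HOST = format_rfc3164(13, TS, "web01", FILE_LINE)

if __name__ == "__main__":
    for wire in (WIRE_NO_HOST, WIRE_WITH_HOST):
        host, msg = parse_rfc3164(wire)
        print("%-45r host=%-6s msg=%r" % (wire, host, msg))
```

In the first case the receiver also loses the severity word from the message body, so records from every host that logs this way are attributed to the same bogus host 'DEBUG'.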