On Wed, 2011-07-20 at 12:39 -0400, Norman Elton wrote:
I'm running syslog-ng 3.2.4 from RedHat's RPM. Unfortunately, I can't seem to log the hostname as specified in the incoming UDP packet. We don't do DNS resolution; rather, just want to log what the sending host is passing along. No relays in the mix, but we have keep_hostname() enabled. My global options:
flush_lines(10); flush_timeout(750); time_reopen (10); log_fifo_size (1000); keep_hostname (yes);
When I log $HOSTNAME or $HOST, I just get the sender's IP address. Similarly, filters based on these macros don't work properly. This all seemed to work on prior versions of syslog-ng (2.something).
Sorry for the long delay, summer holidays and such. The issue you are seeing seems to indicate that syslog-ng failed to recognize the hostname in the packet for some reason. Can you please produce a dump of the incoming frame as it was received on the network? the udp payload should be ok. -- Bazsi