That is what you get when you set keep_hostname(yes) The first IP address is the one placed into the message (on the wire) by the source device. The second one is added by the local/receiving syslog-ng system. If you enabled the DNS for this, you would get the locally resolved DNS name for that IP. Evan. On 06/08/2017 11:04 AM, Scot wrote:
I seem to be getting a duplicate host header in my udp syslog input where the IP is printed twice.
IP/IP any ideas where it comes from ?
Same result for either of these. #source s_net_udp {udp(ip(0.0.0.0) port(514) keep_hostname(yes) so_rcvbuf(262142));}; #source s_net_udp {syslog(ip(10.189.252.62) port(514) transport("udp") flags(no-hostname) so_rcvbuf(262142));};
Jun 8 13:55:21 *192.168.10.10/192.168.10.10 <http://192.168.10.10/192.168.10.10> * fw-aplha %ASA-4-106 ..............