On Fri, Mar 07, 2003 at 07:57:41PM +0100, Lars Erik Gullerud wrote:
Is there any way to make syslog-ng understand that messages it receives from my external hosts will _never_ have a HOSTNAME portion in its HEADER, as according to the terms used in RFC3164?
I.e. my syslog-packets, regardless of the type of equipment generating them, always contain just a PRI, a TIMESTAMP and then the MSG. No HOSTNAME and no TAG.
syslog-ng seems to always want to parse the first word of the received MSG as a hostname (although it is always in the format %SOMESYSLOGMESSAGE with a leading %, for all the hardware platforms I am trying to log), so keep_hostnames(yes) will sort based on this as the hostname, while keep_hostnames(no) will correctly sort, but replace the actual message I want to keep with a hostname.
Now, i _know_ my packets will never have a HOSTNAME portion, so i always want syslog-ng to add that, but i do NOT want it to fiddle around with what it wrongly perceives to be a HOSTNAME in the received message. I.e. I want the hostname _added_, not rewritten.
Is there any way I get syslog-ng to understand this? My normal FreeBSD-syslogd handles this problem beautifully by default, but it's a pain to have to run cron-jobs periodically to sort the logs into per-host logfiles. Surely it's just me who is being stupid here, this must be possible with syslog-ng?
you have two options: 1) enable check_hostname() it validates the hostname whether contains valid characters only options { check_hostname(yes); }; 2) use bad_hostname() and use a regexp that always matches. options { bad_hostname(".*"); } -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1