Thanks for the hostname thing, i tryied but it continue to send to the server :
 
src_name@hotname_BOX2
 
For the log of BOX1. Let's say hosname of BOX1 is BOX1 et BOX2 is BOX2 and the source name logged is SSH
 
the Syslog server recieve thoses lines :
 
Sept 17 - SSH@BOX2 - myipthere - etc ...
 
I am connecting to BOX1 and generate logs on BOX1 that relay to BOX2 that relay to syslog server.
 
any Clue ?

> Date: Wed, 17 Sep 2008 06:56:16 -0700
> From: infosec@gmail.com
> To: syslog-ng@lists.balabit.hu
> Subject: Re: [syslog-ng] Syslog relay tag
>
> Set keep_hostname(yes); on the syslog server.
>
> http://www.campin.net/syslog-ng/faq.html#hostname
>
> On Wed, Sep 17, 2008 at 6:22 AM, Gault Stephane <hqservers@hotmail.com> wrote:
> > Hello there,
> >
> > I got a question about relaying logs from a box to a syslog server through a
> > syslog box relay. My probleme is to get the log tagged with the ip of the
> > first box, here the case :
> >
> >
> > BOX 1 => BOX2 => Syslog server
> >
> > My goal is to relay BOX1 logs to BOX2 ( security probleme, to make BOX1 out
> > of the syslog server zone) and BOX will relay the logs from BOX 1 and 2 to
> > the syslog server.
> >
> > Have you any clue how can i get the IP (or hostname) of the BOX1 included in
> > the logs or file ?
> >
> > When i do This the logs are ok, but they come with the IP of the BOX2 ( the
> > logs of BOX1 ans BOX 2 got the same source IP "BOX2" ).
> >
> > Thanks for your suggestions.
> >
> > S.Gault
> >
> > ________________________________
> > Votre correspondant a choisi Hotmail et profite d'un stockage quasiment
> > illimité. Créez un compte Hotmail gratuitement !
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> >
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>

---

Souhaitez vous  « être au bureau sans y être » ? Oui je le veux !