Dear Syslog-ng users, I'm trying to understand (using syslog-ng community source code and some testing) if it is possible to map a given hostname located into MSGONLY macro to the FULLHOST or HOST macro. I'm trying to achieve this in order to fetch the hostname (SNMP trap source) provided by my snmptrapd collector (which is located on the same server as syslog-ng). The snmptrapd collector is logging its trap using syslog API as follow (snmptrapd source code): int log_handler_syslog( netsnmp_log_handler* logh, int pri, const char *str){ /* * XXX * We've got three items of information to work with: * Is the syslog currently open? * What ident string to use? * What facility to log to? * * We've got two "magic" locations (imagic & magic) plus the token */ if (!(logh->imagic)) { const char *ident = logh->token; int facility = (int)(intptr_t)logh->magic; if (!ident) ident = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_APPTYPE); openlog(ident, LOG_CONS | LOG_PID, facility); logh->imagic = 1; } syslog( pri, "%s", str ); return 1; } As provided by syslog.h, there is no way to set the hostname used into syslog message (it is automatically set by the API). So my logs, provided by snmptrapd, look like the following (where HOST macro is related to the server hosting syslog-ng and snmptrapd): 12/11/2008 16:57:14 SYSLOG-COLLECTOR LEVEL=info snmptrapd[29592]: wlc02.mydomain.com Cold Start In order to be able to get wlc02.mydomain.com as $HOST or $FULLHOST macro, I set: chain_hostnames(yes); keep_hostname(yes); and I formated my snmptrapd logs MSGONLY content (using snmptrad config statements) as RFC 3164 need it: 12/11/2008 16:58:00 SYSLOG-COLLECTOR LEVEL=info snmptrapd[29592]: Nov 12 16:57:59 wlc02.mydomain.com Cold Start I thought that the above log would be seen as a relayed message by syslog-ng allowing me to fetch wlc02.mydomain.com into $HOST or $FULLHOST. Unfortunately this config provide me the following string into $FULLHOST macro: s_source@SYSLOG-COLLECTOR Does syslog-ng only use relay config statements (keep_hostname, etc.) when the log source is defined as udp() or tcp() ? I saw another hint about this here: http://osdir.com/ml/syslog-ng/2004-10/msg00062.html It says that: "If you still have your snmptrapd hostname, then you have to modify snmptrapd to use the original hostname when it sends the message about the trap" But as given above (syslog API usage into snmptrapd) how can I set the hostname of the syslog message ? Any hint is welcome ! Thanks in advance, Joël