No, I think he needs a way to distinguish between site1 and site2, where site1 has servera/serverc/serverf, and site2 has serverb/serverd/servere/serveri.

I would consider the chain_hostnames() option on the relay/site-syslog server.

On Wed, Aug 3, 2011 at 2:51 PM, Clayton Dukes <cdukes@gmail.com> wrote:
Hi Marcos,

Are you saying that the receiving server is not keeping the original hostname? If so, just use keep_hostname(yes); in your global options.
Here are my settings:

options {
    long_hostnames(off);
    # doesn't actually help on Solaris, log(3) truncates at 1024 chars
    log_msg_size(8192);
    # buffer just a little for performance
    flush_lines(1);
    # memory is cheap, buffer messages unable to write (like to loghost)
    log_fifo_size(16384);
    # The time to wait before a dead connection is reestablished (seconds)
    time_reopen(10);
    # Use DNS so that our good names are used, not hostnames
    use_dns(yes);
    dns_cache(yes);
    # Use the whole DNS name
    use_fqdn(yes);
    keep_hostname(yes);
    chain_hostnames(no);
    # Read permission for everyone
    perm(0644);
};
______________________________________________________________
Clayton Dukes
______________________________________________________________
On Wed, Aug 3, 2011 at 6:20 AM, Marcos Tang <marcostang2002@yahoo.com> wrote:
Hi,

I have a problem managing the Syslog-NG messages sent from different Syslog-NG clients at different remote sites. For example, I have 10 sites (site1, site2, site3 to site10) running Syslog-NG clients. Each site has one Syslog-NG server, and all the Syslog messages are forwarded to the centralized Syslog-NG server and finally inserted into the MySQL database at the headquarters.

Now, I can see all the Syslog messages in the headquarters MySQL database, but it is hard for me to manage them. For example, if I know the hostname of a particular host, I can query the MySQL database to search for the Syslog related to that host. However, if I want to know the Syslog messages coming from a particular site such as "site1", how can I do that? There is no "site1" information inside the Syslog messages.

I am thinking that if I can modify the Syslog-NG configuration file so that I can add some information such as "site1" and make it part of the Syslog messages, I can query the MySQL database for the "site1" pattern. But I am not sure if I can do that or not. If you have any suggestions/ideas, please let me know.

Regards,
Marcos
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq