Thanks. Meanwhile I finally read the bottom of these responses and went to www.campin.net/syslog-ng/faq.html. It was very helpful! It explained the header problem I think .....

Many syslog programs, when configured to relay messages on to another syslog program on another host, will leave out certain parts of the syslog message - complicating proper identification of certain fields.

....and......

The sysklogd program used as a syslog server for many Linux distributions also leaves out fields. It leaves out the time/date information and the hostname information (the entire "header").

So it sounds like I'll have to install syslog-ng on all the downstream servers also.

Thanks.

On Wed, Dec 28, 2005 at 01:45:26PM -0500, ken.schweiker@faa.gov wrote:
options { keep_hostname(no); use_dns(no); sync(0); };

Turn off long hostnames and you should start seeing the remote IP in the logs:

long_hostnames(off);

See this URL for hostname options:
http://www.campin.net/syslog-ng/faq.html#hostname

Keep the use_dns(no) since you want IPs.

--
Nate

"A computer will do what you tell it to do, but that may be much different from what you had in mind." - JOSEPH WEIZENBAUM, quoted in Time

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
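
The header problem discussed in this thread, as an added example that is not part of the original messages or of syslog-ng: a receiver-side parser that detects whether a relayed BSD-syslog datagram still carries its time/date and hostname header and, when the relay stripped it, falls back to the receive time and the socket's source address. The function name `parse_relayed`, the host `web01` and the sample datagrams are constructed for illustration.

```python
import re
from datetime import datetime

PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 3164 header: "Mmm dd hh:mm:ss HOSTNAME " (day is space-padded)
HEADER_RE = re.compile(
    r"^((?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d "
    r"\d\d:\d\d:\d\d) (\S+) "
)

def parse_relayed(datagram: bytes, sender_ip: str, received_at: datetime) -> dict:
    """Parse one BSD-syslog datagram, filling in a stripped header locally."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    pri, rest = 13, text  # RFC 3164 default (user.notice) when PRI is unusable
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:
        pri, rest = int(m.group(1)), text[m.end():]
    h = HEADER_RE.match(rest)
    if h:
        stamp, claimed_host, msg = h.group(1), h.group(2), rest[h.end():]
    else:
        # Header stripped by the relay: use receive time, no claimed host.
        stamp = f"{received_at:%b} {received_at.day:2d} {received_at:%H:%M:%S}"
        claimed_host, msg = None, rest
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": stamp,
        "header_present": h is not None,
        "claimed_host": claimed_host,  # sender-supplied, unverified
        "sender_ip": sender_ip,        # taken from the socket, not the payload
        "message": msg,
    }

# Constructed sample datagrams (192.0.2.0/24 is a documentation range).
WITH_HEADER = b"<38>Dec 28 13:45:26 web01 su: session opened for user root"
NO_HEADER = b"<38>su: session opened for user root"

if __name__ == "__main__":
    now = datetime(2005, 12, 28, 13, 45, 30)
    for raw in (WITH_HEADER, NO_HEADER):
        print(parse_relayed(raw, "192.0.2.10", now))
```

Keeping `sender_ip` separate from `claimed_host` lets downstream rules key on the address observed at the socket even when a header is present.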