A bit of tracing shows the result of get_source_hostname is NULL. I assume this contributes to syslog-ng putting logger01 (the logging host) back in as the name of the source host.

Can anyone confirm they have UDP logging with source hosts working in 1.6.4? Thanks as I'm a bit stuck.

-Steve S.

Steven S. wrote:
When logging UDP messages, the "host" tag is being listed as the local host and the time is incorrect. Here is a sample of two different syslog runs: one with syslog-ng 1.6.4 and one with the native OpenBSD 3.5 syslogd. The host "logger01" is the name of the localhost, not a reverse of 172.16.10.20. Also, these runs were taken seconds apart, yet the timestamps are 11 hours apart.
Any insight would be appreciated.
...running syslog-ng
May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
May 19 00:36:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
...