On Tue, 2009-09-29 at 15:11 +0530, Jain, Vaibhav (GE Healthcare) wrote:
Hi,
I am using syslog-ng open source (syslog-ng-3.0.3-1.rhel5.amd64) for log collection. I want to pass the syslog-ng machine ip address in the message header. in the current configuration I am getting following header in the log message -->
Sep 29 00:24:20 INBLRECIS2871 ''
In the above message "INBLRECIS2871" is the syslog-ng machine name but I want the IP address in place of machine name. let me know how to achieve this ?
Current configurastion --> 1) syslog-ng client config :->
options { mark_freq(30); log_msg_size(65530); }
destination d_messages { syslog("3.2.20.26" transport("tcp") port(601) template("$HOST $MSGHDR$MSG ::::$FILE_NAME")); }
2) syslog-ng server config->
options { time_reap(30); mark_freq(10); log_msg_size(65530); }
Well, you can control the name resolution behaviour with: keep_hostname(yes or no) and use_dns(yes or no) If you use keep_hostname(no) and use_dns(no), you'll make syslog-ng to always replace the HOST field of the message with the IP address of the sender host. If you have multiple hops (e.g. relays), you might want to use the settings above only on the first hop, and then keep_hostname(yes) on the central syslog server, because otherwise you'd always see the relay ip address. -- Bazsi