Greetings. I'm having a problem with getting syslog-ng to write out to filenames based on $HOST. My setup is as follows:

- I have two machines running syslog-ng
- Machine A has a program that sends syslog messages to itself (127.0.0.1)
- Machine A has a tcp destination rule like: destination Machine_B{ tcp(10.1.1.1); }
- Machine B has a tcp source rule that receives the messages from Machine A
- Machine B has a destination rule like: destination host_logs { file("/logs/$HOST.txt"); }

The problem is that what I end up with on Machine B is a file called /logs/127.0.0.1 that contains all the messages generated by the program on Machine A. They look like this:

Aug 3 09:12:48 127.0.0.1/127.0.0.1/10.1.1.2 myprog[2182]: Test message

I've fiddled with setting keep_hostname() to yes and no on Machine B, but to no avail... apparently this doesn't affect the $HOST variable. I know that chain_hostnames(no) fixes the problem (I get a file named 10.1.1.2, which is what I want), but I'd really like to see the whole path the message took because sometimes Machine A will receive messages from others that get forwarded on. Is there any way to accomplish this?

In simple terms, I think I'm looking for a way to get the $HOST variable to pick the LAST hostname in the chain instead of the first. Any ideas, or do I need to edit the code? If the latter is the case, I'm pretty sure I need to fix something in expand_macro() (in affile.c). If anyone knows exactly how this should be done, some help would be appreciated; otherwise I'll dust off my debugger skills and see what I can accomplish. I hope it doesn't come to that though.

Chris Sibbitt
Operations Development
106 Schneider Road, Unit C
Kanata, Ontario K2K 1Y2
Phone (613) 271-6220, ext228
Fax (613) 271-6229
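
The selection asked for above (last entry of the chained host field, used as the per-host file name), as an added example that is not part of the original post and is not syslog-ng code. It parses lines in the format of the sample shown and validates every hop before building a path, since the host field arrives over the network and contains "/" separators; the function names, the `/logs` base directory default and the sample lines are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample lines in the format shown in the post.
SAMPLE_LINES = [
    "Aug 3 09:12:48 127.0.0.1/127.0.0.1/10.1.1.2 myprog[2182]: Test message",
    "Aug 3 09:12:49 10.1.1.2 myprog[2182]: No chain on this one",
    "Aug 3 09:12:50 127.0.0.1/../../etc/cron.d myprog[2182]: Hostile host field",
]

# timestamp, host field (possibly a '/'-separated chain), rest of message
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s+(.*)$")
# One hop: hostname or IPv4 literal, must start and end with an alphanumeric
HOP_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def split_chain(line):
    """Return the list of hops from the host field of one log line."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not a syslog line in the expected format")
    return m.group(2).split("/")


def last_hop(line):
    """Return the last hop of the chain, rejecting the line if any hop is unsafe."""
    chain = split_chain(line)
    for hop in chain:
        # Check every hop, not only the last: a chain such as
        # 'a/../../etc/cron.d' has a harmless-looking final element.
        if not HOP_RE.match(hop) or ".." in hop:
            raise ValueError("unsafe host field: %r" % "/".join(chain))
    return chain[-1]


def log_path(line, base="/logs"):
    """Build the per-host file path from the last hop of the chain."""
    return str(PurePosixPath(base) / (last_hop(line) + ".txt"))


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        try:
            print(log_path(sample), "<-", split_chain(sample))
        except ValueError as exc:
            print("rejected:", exc)
```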