Hi everyone,

We've currently got a syslog setup that centralizes our logs from many of our different teirs into one location, using each system's prebuilt syslog.  It works at the moment, but we've got some issues.

Our main one is that we name our hosts the same in different environments, mainly because these environments are for moving code and configs from 1 step to the next, so to make it easier on people so they don't have to change configurations each time the code moves, hosts share similar names.

The problem is that when all the logs come back to the central syslog server, they can't be seperated by host because of the similiarities.  So 'web5' in our QA is the same as 'web5' in production.

Because of that, we were looking at syslog-ng and while I found a couple references to using FQDN, I've been unable to tell whether or not this is possible.

Our machines DO have different FQDNs.  For example, web5.qa.location.domain.com vs. web5.prod.location.domain.com.  If we run our main central server on syslog-ng and replace all the syslog daemon's on each system with it, can we force the FQDN to be given rather then just the base hostname and have the central log server sort the logs into different directories based on the FQDN?

Thanks!

--
sh