On Mon, May 6, 2019, 10:25 Delon Lee Di Lun <lee.delon2005@gmail.com wrote:
Hi, you referring to bad_hostname or check_hostname?
Both. They result in the same action, just decide whether the hostname it's considered bad differently. check-hostname uses a hardcoded set of characters, bad-hostname uses a regular expression.
On Mon, 6 May 2019 at 15:45, Scheidler, Balázs < balazs.scheidler@oneidentity.com> wrote:
If those options match in the hostname field, syslog-ng will assume it didn't get a hostname, and shifts that value to the start of the message field, so they will be parsed into PROGRAM.
alternatively you can use the no-parse flag, fix the value and apply a syslog-parser() later.
On Mon, May 6, 2019, 03:21 Delon Lee Di Lun <lee.delon2005@gmail.com wrote:
Hi,
Anybody used the syslog-ng options bad_hostname & check_hostname?
How does that works?
I have syslog-ng listening on UDP, and found that there are some gibberish logs in the folder. Was thinking if using the above two options would help reduce the gibberish.
Yours Sincerely, Delon
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq