Any ideas on this? Is there any way I can
use the filters to solve this problem?
-Thanks
From: syslog-ng-bounces@lists.balabit.hu
[mailto:syslog-ng-bounces@lists.balabit.hu] On
Behalf Of Shashank Vinchurkar
Sent: Friday, May 29, 2009 2:54 PM
To:
Subject: [syslog-ng] Stripping the
original hostname /ip from the syslogmessage
Hi,
We have a setup where multiple syslog-ng servers send logs
to a central syslog-ng server. Finally this central syslog-ng server sends the
consolidated logs to an outside server. The outside server can be any server accepting
standard syslog messages. The first group of servers are running in the
internal network and don’t have any hostname associated with them. Also
the ip address is internal and does not make sense to outside world. My
requirement is that the outside server should only see the ip address of the
syslog-ng server which consolidates the messages from these syslog-ng servers.
But I always see the ip address of the syslog-ng server which originated the
message. Is there anyway to get rid of this? I tried playing with the
keep_hostname, long_hostname, chain_hostname and bad_hostname options but I
still see the ip address of the originating server.
Thanks in advance for the help.
-Shashank