On Wed, Dec 28, 2005 at 03:45:30PM -0500, ken.schweiker@faa.gov wrote:
Thanks. Meanwhile I finally read the bottom of these responses and went to www.campin.net/syslog-ng/faq.html. It was very helpful!
It explained the header problem I think ..... Many syslog programs, when configured to relay messages on to another syslog program on another host, will leave out certain parts of the syslog message - complicating proper identification of certain fields. ....and...... The sysklogd program used as a syslog server for many Linux distributions also leaves out fields. It leaves out the time/date information and the hostname information (the entire "header").
So it sounds like I'll have to install syslog-ng on all the downstream servers also. Thanks.
I'm glad you read that, but it might not really be clear enough on how syslog-ng behaves in this situation. What happens is that syslog-ng puts in a hostname based on the remote IP or DNS name, and also uses the chained hostname format if configured to do so. Don't bother putting syslog-ng everywhere just for that reason.

Let me know if this clears things up.

--
Nate

"The more I C, the less I see."
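
Added example, not part of the original thread and not syslog-ng's own code: a receiver-side sketch of the situation discussed above, where a relayed message arrives without its timestamp/hostname header and the collector fills the host in from the sender's address. The function name, output fields and sample messages are constructed for illustration; the chained hostname format is not covered.

```python
import re
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
_PRI = re.compile(r"^<(\d{1,3})>")
# Optional BSD-syslog header: "Mmm dd hh:mm:ss HOSTNAME " followed by the message.
_HEADER = re.compile(
    r"^(?P<ts>(?:%s) [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
    % "|".join(MONTHS), re.S)

def normalize(raw, peer_addr, received_at):
    """Parse one syslog datagram; fill a missing header from the transport.

    peer_addr   -- source IP (or resolved name) of the sending socket
    received_at -- datetime the datagram reached the collector
    """
    text = raw.decode("utf-8", "replace").rstrip("\r\n\x00")
    facility = severity = None
    m = _PRI.match(text)
    if m and int(m.group(1)) <= 191:          # PRI = facility * 8 + severity
        pri = int(m.group(1))
        facility, severity = pri >> 3, pri & 7
        text = text[m.end():]
    h = _HEADER.match(text)
    if h:
        # Header present: timestamp and host are whatever the sender wrote.
        ts, host, msg, from_sender = h["ts"], h["host"], h["msg"], True
    else:
        # Header left out by the relay: use the collector's own view instead.
        ts = "%s %2d %s" % (MONTHS[received_at.month - 1], received_at.day,
                            received_at.strftime("%H:%M:%S"))
        host, msg, from_sender = peer_addr, text, False
    # Keep the peer address in every record so the claimed host can be checked.
    return {"facility": facility, "severity": severity, "timestamp": ts,
            "host": host, "peer": peer_addr, "message": msg,
            "header_from_sender": from_sender}

# Constructed sample datagrams: the same event with and without the header.
WITH_HEADER = b"<38>Dec 28 15:45:30 web01 sshd[2211]: Accepted publickey for ops"
NO_HEADER = b"<38>sshd[2211]: Accepted publickey for ops"

if __name__ == "__main__":
    now = datetime(2005, 12, 28, 15, 45, 31)
    for sample in (WITH_HEADER, NO_HEADER):
        print(normalize(sample, "192.0.2.10", now))
```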