Sorry, sent too soon.

1) On the client side, if the message is from a local transport (e.g. system() source, unix-stream and the like), the hostname field will automatically be filled with the name of the host as set with the hostname command (e.g. /etc/hostname). You could change this logic by setting the $HOST macro to your local IP address.

2) On the server side, when we receive a message, we can either accept it as sent by the client (e.g. keep-hostname(yes) or keep-hostname(no)). If accepted, then we just accept the literal value as sent by the client. If you don't trust the client's idea of its hostname, simply set keep-hostname(no) on the server side. In this case the server will attempt to determine the HOST value based on the IP address of the sender. In this phase it either uses DNS (use-dns(yes) setting) or it doesn't. If it uses DNS, it will populate the HOST field with the reverse-resolved DNS name. If you set use-dns(no), you'll get an IP address.

Hope this helps,

On Thu, Feb 27, 2020 at 11:00 AM Balazs Scheidler <bazsi77@gmail.com> wrote:
it depends on where the message is coming from. if it is coming from localhost
On Wed, Feb 26, 2020 at 7:40 PM Alexandre Santos <alexandre.rosas.santos@gmail.com> wrote:
Hello,
I have a syslog-ng server and a syslog-ng client, whose configurations I am sending as an attachment. I am using the syslog driver in order to have full compatibility with RFC5424. I want to use the IP address and not the hostname, but I keep seeing the hostname in tcpdump:

[root@tests tests]# tcpdump -A -i virbr0 port 60514 or 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:30:09.810757 IP 192.168.122.11.34512 > tests.syslog: SYSLOG local0.info, length: 100
E.....@.@..K..z...z......l..<134>1 2020-02-26T18:30:09+00:00 localhost root 9519 - - This is a local0 info buffer filler string

and in logfile:
<134>1 2020-02-26T18:30:09+00:00 localhost root 9519 - - This is a local0 info buffer filler string
Can you help me?
Thanks in advance,
Alex

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Bazsi
-- Bazsi
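
The two options described in the reply at the top of this thread, written out as syslog-ng configuration. This is an added example, not the poster's attached configuration and not taken from the syslog-ng project. The server address 192.0.2.10, the UDP transport on port 514, the log file path and all object names are assumptions; 192.168.122.11 is the client address visible in the tcpdump capture.

```conf
# ---- client: syslog-ng.conf fragment (assumed layout) ----
# Option 1 from the reply: overwrite HOST before the message leaves the client.
source s_local { system(); internal(); };

# Replace the locally derived hostname ("localhost" in the capture)
# with the client's own IP address.
rewrite r_host_ip { set("192.168.122.11", value("HOST")); };

# 192.0.2.10 is a placeholder for the server address (assumption).
destination d_server { syslog("192.0.2.10" transport("udp") port(514)); };

log { source(s_local); rewrite(r_host_ip); destination(d_server); };

# ---- server: syslog-ng.conf fragment (assumed layout) ----
# Option 2 from the reply: do not trust the HOST value the client sent.
options {
    # keep-hostname(yes) would store whatever the client put in the
    # HOSTNAME field, so any sender could label its messages with
    # another machine's name.
    keep-hostname(no);

    # With keep-hostname(no) the server derives HOST from the sender's
    # address. use-dns(no) stores the IP address itself; use-dns(yes)
    # would store the reverse-resolved DNS name instead.
    use-dns(no);
};

source s_net { syslog(ip(0.0.0.0) transport("udp") port(514)); };

# Assumed output path.
destination d_remote { file("/var/log/remote.log"); };

log { source(s_net); destination(d_remote); };
```

Only the server-side setting protects against a client that misreports its name, since the client-side rewrite is still a value the client chooses.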