It looks like evtsys is not including the host name.&nbsp; I had already tried the &quot;options { keep_hostname(yes); };&quot; option without any luck.<br><br>I also tried another program &quot;ntsyslog&quot; which gives more options (like which events to forward), but it also doesn't include the hostname.
<br><br>Do you know of any programs which may do what I need?&nbsp; If not, I'll create a seperate thread looking for something.<br><br>thanks,<br>tom<br><br><div><span class="gmail_quote">On 9/28/06, <b class="gmail_sendername">
Nate Campi</b> &lt;<a href="mailto:nate@campin.net">nate@campin.net</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Thu, Sep 28, 2006 at 01:05:39PM -0400, Tom Valdes wrote:
<br>&gt; I have some machines behind a firewall VLAN of <a href="http://10.0.240.0">10.0.240.0</a> sending logs to a<br>&gt; Linux Syslog server on the <a href="http://10.0.230.0">10.0.230.0</a> network.<br>&gt; The 2 machines are 
<a href="http://10.0.240.71">10.0.240.71</a> and <a href="http://10.0.240.72">10.0.240.72</a> and the Syslog server is<br>&gt; <a href="http://10.0.230.222">10.0.230.222</a>.<br>&gt; They are Windows and I am using the Eventlog to Syslog utility from Purdue
<br>&gt; University (<br>&gt; <a href="https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys">https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys</a>) to<br>&gt; convert the Windows event logs to Syslog.
<br>&gt;<br>&gt; Syslog is getting the information, however, any information from the 2<br>&gt; machines are coming in as <a href="http://10.0.230.1">10.0.230.1</a>.<br>&gt; -------<br>&gt; Sep 28 11:37:54 <a href="http://10.0.230.1">
10.0.230.1</a> Service Control ....... &lt;---- This machine is<br>&gt; actually <a href="http://10.0.240.71">10.0.240.71</a><br>&gt; -------<br>&gt; Is there a way to get Syslog to read the correct IP information?&nbsp;&nbsp;or does
<br>&gt; Syslog simply not pass correct host information through a router?<br><br>This evtsys might leave out the hostname information, like Linux<br>sysklogd or Solaris syslogd. This behavior is documented here:<br><br> 
<a href="http://www.campin.net/syslog-ng/syslog.html">http://www.campin.net/syslog-ng/syslog.html</a><br><br>If evtsys is in fact sending the hostname, use<br><br>options { keep_hostname(yes); };<br><br>...as described for a similar problem here where the source IP for the
<br>UDP/TCP packets are different from the original syslog client source:<br><br> <a href="http://www.campin.net/syslog-ng/faq.html#stunnel">http://www.campin.net/syslog-ng/faq.html#stunnel</a><br><br>--<br>Nate<br><br>&quot;We are discreet sheep; we wait to see how the drove is going, and then
<br>go with the drove.&quot; - Samuel Clemens<br><br>_______________________________________________<br>syslog-ng maillist&nbsp;&nbsp;-&nbsp;&nbsp;<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br><br></blockquote></div><br>