On Wed, 2005-12-28 at 10:28 -0500, ken.schweiker@faa.gov wrote:
I hope someone can answer a few basic questions to help with my previously described problem. Since I have not used syslog before....
Is the rhost field where I should see some value? Specifically, the originating IP address of the msg? My field is blank. Does anyone else use version 1.6.2 and not have this problem?
Uh huh, you mean the rhost field _inside_ the message part?

Dec 23 17:50:12 suselog/suselog su(pam_unix)[13205]: authentication failure; logname=syss555 uid=500 euid=0 tty=pts/4 ruser=syss555 rhost= user=root

In this case this has nothing to do with syslog-ng as it never touches the message itself (e.g. anything after the hostname in the header suselog/suselog in the case above).

--
Bazsi
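
As an added illustration (not part of the original thread and not syslog-ng code), this Python sketch splits the quoted line into its header and message part and parses the message's key=value pairs, so the host from the header and the empty rhost= from the application-written message can be read separately. The regexes and the names `parse_line` and `origin` are assumptions made for this example.

```python
import re

# Constructed sample: the log line quoted in the thread above.
SAMPLE = ("Dec 23 17:50:12 suselog/suselog su(pam_unix)[13205]: "
          "authentication failure; logname=syss555 uid=500 euid=0 "
          "tty=pts/4 ruser=syss555 rhost= user=root")

# Header = timestamp + host field; everything after "tag[pid]: " is the
# message part, which is written by the logging application.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
# key=value pairs inside the message; a value may be empty ("rhost=").
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Split one BSD-style syslog line into header fields and message fields."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a BSD-style syslog line: %r" % line)
    rec = m.groupdict()
    event, _, rest = rec["msg"].partition(";")
    rec["event"] = event.strip()
    rec["fields"] = dict(KV_RE.findall(rest))
    return rec


def origin(rec):
    """Return (header_host, message_rhost); rhost is None if empty or absent."""
    return rec["host"], rec["fields"].get("rhost") or None


if __name__ == "__main__":
    rec = parse_line(SAMPLE)
    header_host, rhost = origin(rec)
    print("header host  :", header_host)
    print("message rhost:", rhost)
    print("message user :", rec["fields"]["user"])
```
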