Thomas Morin said:
I believe that syslog-ng, when no hostname is provided in the message itself, creates a hostname by re(ver)solving the IP. Perhaps 127.0.0.1 (source IP of the message) is just resolving back to plain 'localhost' and this is what your syslog-ng logs. In this case you could just tweak your /etc/hosts to make 127.0.0.1 resolve back to the hostname you want instead of localhost.
Otherwise, you may try to adapt the conversion pattern of the log4j syslog appender to include the hostname, but you may end up in a situation where you have to write some Java code to generate the conversion pattern (there is no %"something" that gives the hostname...).

Thanks! Yep, that seemed to work (changing /etc/hosts). I thought about it yesterday but didn't try it... but it looks like the log4j stuff isn't good enough; it's not obeying the configuration 100%, which makes it very difficult to filter (I set it to log to facility local6 but a buncha stuff still comes through using the facility user; also I am having it prepend some text for filtering further, but that prepend doesn't occur on all entries), so it looks like I won't be able to use syslog for log4j. Was worth a shot at least, had high hopes! Thanks again for the quick response.

nate
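
One way to see what a receiver is actually being sent in a case like the one discussed above, as an added example that is not part of the original posts: a small RFC 3164 parser that decodes each datagram's PRI into facility and severity and checks whether a HOSTNAME field is present. The function names and sample lines are assumptions made for illustration; a line without a valid PRI is given the RFC 3164 default of 13 (user.notice).

```python
import re

# Facility codes 0-23 as defined by RFC 3164; local6 is 22, user is 1.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 3164 header: "Mmm dd hh:mm:ss HOSTNAME " directly after the PRI.
HEADER_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")

def parse(line):
    """Decode PRI and look for a HOSTNAME field in one raw syslog datagram."""
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        pri, rest, has_pri = int(m.group(1)), line[m.end():], True
    else:
        # RFC 3164 section 4.3.3: no valid PRI means the relay assumes 13.
        pri, rest, has_pri = 13, line, False
    h = HEADER_RE.match(rest)
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "has_pri": has_pri, "hostname": h.group(1) if h else None}

def triage(lines, expected_facility="local6"):
    """Return (line, problems) for lines a facility/host filter would miss."""
    report = []
    for line in lines:
        p = parse(line)
        problems = []
        if p["facility"] != expected_facility:
            why = "PRI says" if p["has_pri"] else "no PRI, defaults to"
            problems.append(f"{why} {p['facility']}.{p['severity']}")
        if p["hostname"] is None:
            problems.append("no HOSTNAME, receiver must supply one")
        if problems:
            report.append((line, problems))
    return report

# Constructed sample datagrams (not captured from the poster's system).
SAMPLES = [
    "<182>Jan  5 10:15:02 apphost myapp: service started",
    "<182>myapp: request handled",
    "<14>java.lang.IllegalStateException: boom",
    "\tat com.example.Main.run(Main.java:42)",
]

if __name__ == "__main__":
    for line, problems in triage(SAMPLES):
        print(repr(line), "->", "; ".join(problems))
```

Feeding it payloads captured on the receiving port shows which entries carry a different PRI, or none at all, before any filter rules are written against facility or host.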