On Thu, 2004-08-26 at 11:23, Darren J. Wise wrote:
Hi,
I have a Sun Ultra 5 that I am setting up as a log server using OpenBSD 3.5 with the stable port of syslog-ng 1.5.24.
In the syslog-ng.conf file I have got the following options:
options {
    sync(0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (no);
    use_dns (yes);
    use_fqdn (no);
    create_dirs(yes);
    chain_hostnames (no);
    keep_hostname (yes);
    perm (0600);
};
And the following network related source, destination and log options:
source s_net { udp(); };
destination d_net { file("/export/syslog-ng/$HOST/messages"); };
log { source(s_net); destination(d_net); };
I have got a Sparc Solaris 9 box and Linux box logging to this machine using the default Solaris/Linux syslog.
The problem that I am seeing is that the log server logs all messages as if they have come from the localhost, an example from the Linux machine on the log server (loghost-test is the name of the log server):
Aug 24 12:53:38 loghost-test xfs: Entry deleted from font path.
I have also compiled syslog-ng 1.6.5 with libol 0.3.14 and still get the same problem.
keep_hostname() tells syslog-ng not to touch the hostname as received from the network, except when there is no hostname at all, in which case it performs a reverse DNS lookup (if use_dns is enabled) and adds that hostname to the message.

I'd first check how the log message is received from the network. (e.g. tcpdump)

-- Bazsi
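Added example, not part of the original messages and not syslog-ng's own parser: a small Python check that takes raw UDP syslog payloads, as copied out of a packet capture, and reports whether the sender put a hostname on the wire or whether the receiver would have to supply one as described in the reply above. The sample payloads are constructed, and the rule used to tell a hostname from a program tag is a simplifying assumption.

```python
import re

# Simplified BSD-syslog split: <PRI>, optional "Mmm dd hh:mm:ss" timestamp, rest.
HEADER = re.compile(
    rb"^<(?P<pri>\d{1,3})>"
    rb"(?:(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) )?"
    rb"(?P<rest>.*)$",
    re.DOTALL,
)

def inspect_payload(payload: bytes) -> dict:
    """Report which header fields a raw UDP syslog payload carries."""
    m = HEADER.match(payload)
    if m is None:
        return {"valid": False, "timestamp": None, "hostname": None}
    first, _, _ = m.group("rest").partition(b" ")
    # Heuristic (assumption): a first token ending in ":" or carrying "[pid]"
    # is the program tag, meaning the sender put no hostname in the message.
    is_tag = first.endswith(b":") or b"[" in first
    hostname = None if is_tag or not first else first.decode("ascii", "replace")
    ts = m.group("ts")
    pri = int(m.group("pri"))
    return {
        "valid": True,
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": ts.decode() if ts else None,
        "hostname": hostname,
    }

def hostname_source(payload: bytes) -> str:
    """Where the stored hostname would come from under keep_hostname(yes)."""
    info = inspect_payload(payload)
    if not info["valid"]:
        return "unparseable"
    return "message" if info["hostname"] else "receiver (reverse DNS if use_dns)"

# Constructed sample payloads, not captured from the systems in this thread.
SAMPLES = [
    b"<30>Aug 24 12:53:38 linuxbox xfs: Entry deleted from font path.",
    b"<30>Aug 24 12:53:38 xfs: Entry deleted from font path.",
    b"<38>sshd[412]: Accepted publickey for root",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(hostname_source(p), "|", p.decode())
```

A payload reported as "receiver" carries no hostname of its own, so the name that ends up in $HOST depends on the log server's lookup rather than on anything the client sent.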