Hi,

 

We have a setup where multiple syslog-ng servers send logs to a central syslog-ng server. Finally this central syslog-ng server sends the consolidated logs to an outside server. The outside server can be any server accepting standard syslog messages. The first group of servers are running in the internal network and don’t have any hostname associated with them. Also the ip address is internal and does not make sense to outside world. My requirement is that the outside server should only see the ip address of the syslog-ng server which consolidates the messages from these syslog-ng servers. But I always see the ip address of the syslog-ng server which originated the message. Is there anyway to get rid of this? I tried playing with the keep_hostname, long_hostname, chain_hostname and bad_hostname options but I still see the ip address of the originating server.

 

Thanks in advance for the help.

-Shashank