Balazs Scheidler wrote:
And for the most part things are working as we would expect, but a few of our client hosts insist on putting stuff in the host field of the syslog records and this is turning up in the HOST variable rather than the domain name of the source system. Originally we had keep_hostname(yes) so this was the expected behaviour. I have now changed the config file and restarted syslog-ng but it is still writing the records to a file with the hostname in the packets.
hmm.. with the keep_hostname(no) setting, syslog-ng should always reverse resolve the sending IP address, so it should have a proper hostname in it as long as your DNS/hosts file is ok.
Hmmm... indeed. Changing the macro in the file name template from HOST to HOST_FROM resolved the issue for us. We are still using HOST in the record template and that is still showing SRS. If I get time I'll do some more experimenting in the lab to see if I can figure out exactly what is going on, in particular to make sure that it isn't something stupid that I am doing.

Anyone know of a script that will put together syslog packets for test purposes?

Cheers,
Russell
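A small generator for the kind of lab test packets asked about above, added here as an example and not part of the original thread: it builds a BSD-syslog (RFC 3164) datagram with a chosen HOST field and shows that value next to the sender's IP address, the two things the HOST and HOST_FROM macros are based on. The function names, the tag `test`, the message text and the loopback listener are assumptions made for the example; `SRS` is the value mentioned in the thread.

```python
import socket
import time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_packet(host, tag, msg, facility=1, severity=5, when=None):
    """Build a BSD-syslog (RFC 3164) datagram carrying `host` in its HOST field."""
    t = time.localtime(when)
    # RFC 3164 timestamp "Mmm dd hh:mm:ss": always 15 chars, day space-padded
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    pri = facility * 8 + severity          # user.notice -> <13>
    return ("<%d>%s %s %s: %s" % (pri, stamp, host, tag, msg)).encode("ascii")

def header_host(datagram):
    """Return the HOST field exactly as the sender wrote it into the packet."""
    body = datagram.decode("ascii").split(">", 1)[1]
    return body[16:].split(" ", 1)[0]      # skip 15-char timestamp plus space

def send_packet(datagram, server, port=514):
    """Send one datagram over UDP to the collector under test."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (server, port))

def loopback_demo(host="SRS"):
    """Send to a throwaway local listener; return (HOST in packet, sender IP)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # constructed test listener, any free port
        rx.settimeout(2)
        pkt = build_packet(host, "test", "hostname handling check")
        send_packet(pkt, *rx.getsockname())
        data, peer = rx.recvfrom(2048)
    return header_host(data), peer[0]

if __name__ == "__main__":
    # The first value is what the packet claims; the second is where it came from.
    print(loopback_demo())
```

Pointing `send_packet` at a lab syslog-ng instance with different HOST values makes it easy to compare what ends up in the file name and in the record under each keep_hostname setting.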