The big problem with tunneling the session is that $HOST gets set to what the sending host thinks its name is, not the reverse-resolved name of the originating IP address. So in our organization, where we have lots of servers named web001.unit1 or web001.unit2 (internal DNS of course), a reasonable-looking destination file like /var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY results in log lines from multiple hosts getting mingled together in the same files if their logs are delivered via stunnel. If anyone has figured out a way to solve this problem please share! Alexi Bill Nash wrote:
Is it planned? I'm lookin around, and see previous mention of it, but nothing concrete. Yes, I know you can just tunnel the session, but I'd prefer native transport.
- billn _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html