[Fw: keep_hostname (yes); and source file]
There seems to be no hostname associated with file() so it uses the first word of the message. The first word of the log message is 'DEBUG'. On the central log server I added 'DEBUG' to the filter host and it worked.

Is there a way to set the hostname when the source uses file()?

-steve

----- Forwarded message from Steven Blatchford <sblatchford@gmail.com> -----

From: Steven Blatchford <sblatchford@gmail.com>
Subject: keep_hostname (yes); and source file
To: syslog-ng@lists.balabit.hu
Date: Fri, 27 May 2011 18:29:41 -0400

Hello,
I have a file, /srv/http/foo/var/log/system.log that I would like sent to our central log. This config was not working:

@version: 3.0
#
# /etc/syslog-ng.conf
#

options {
    stats_freq (0);
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames(off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
    perm(0640);
    group("log");
};

source s_foo { file("/srv/http/foo/var/log/system.log"); };

log { source(s_foo); destination(d_net); };

destination d_net { udp("host.org"); };

It does work if I comment out 'keep_hostname (yes);'. Can someone explain to me why this is?
-steve
----- End forwarded message -----
On Fri, 2011-05-27 at 18:44 -0400, Steven Blatchford wrote:
> There seems to be no hostname associated with file() so it uses the first word of the message. The first word of the log message is 'DEBUG'. On the central log server I added 'DEBUG' to the filter host and it worked.
>
> Is there a way to set the hostname when the source uses file()?

That happens because syslog-ng tries to parse the file as if it was in syslog format. You can disable parsing with flags(no-parse). With that the content of each line will become part of $MSG and syslog-ng will prepend a syslog header when sending it to the server.

--
Bazsi
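
Added example, not part of the original thread and not syslog-ng code: a simplified Python model of the behaviour discussed above, showing how a headerless file line ends up with host 'DEBUG' when parsing and keep_hostname are both on, and how flags(no-parse) restores correct attribution. The host name web01, the sample lines and the parsing rules are assumptions made for illustration; syslog-ng's real parser has more heuristics.

```python
import re

# Simplified model of legacy BSD-syslog header parsing (an assumption for
# illustration; syslog-ng's real parser applies more heuristics than this).
PRI = re.compile(r"^<\d{1,3}>")
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")

LOCAL_HOST = "web01"  # constructed name of the machine that reads the file

# Constructed application log lines that carry no syslog header.
SAMPLE = [
    "DEBUG cache warmed in 12ms",
    "ERROR login failed for user alice",
]


def ingest(line, parse=True, keep_hostname=True):
    """Return (host, msg) as the sending side would record one file line."""
    if not parse:
        # flags(no-parse): the whole line is the message, host is the local one.
        return LOCAL_HOST, line
    rest = TIMESTAMP.sub("", PRI.sub("", line))
    # With no header present, the first word still lands in the host field.
    host, _, msg = rest.partition(" ")
    if not keep_hostname:
        # Hostname rewriting enabled: the parsed value is replaced.
        host = LOCAL_HOST
    return host, msg


def run(parse, keep_hostname):
    """Ingest every sample line under one combination of settings."""
    return [ingest(line, parse, keep_hostname) for line in SAMPLE]


def server_filter(records, wanted_host):
    """Mimic a host() filter on the central log server."""
    return [msg for host, msg in records if host == wanted_host]


if __name__ == "__main__":
    for parse, keep in [(True, True), (True, False), (False, True)]:
        records = run(parse, keep)
        print(f"parse={parse} keep_hostname={keep}: {records}")
        print("  matched by host filter:", server_filter(records, LOCAL_HOST))
```

In the first combination the central filter on the real host matches nothing, so application lines can silently drop out of host-based alerting until someone notices hosts named after log levels.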
participants (2): Balazs Scheidler, Steven Blatchford