syslog-ng premium "$HOST" issue
Hi, I am using syslog-ng opensource version 1.6.5 on central syslog server. which is receiving logs from 4 collectors and some individual hosts. To evaluate syslog-ng premium I got 30 day license of "syslog-ng-premium-edition 3.0.2a" and installed it on a new box. and forward events coming on central syslog server to this new box using a file template template("'$HOST'|'$FACILITY'|'$PRIORITY'|'$PROGRAM'|'$MONTH $DAY$ $YEAR $HOUR:$MIN:$SEC'|'$MSGONLY'\n")); but here in $HOST I am getting name of central syslog server instead of actual host. While in ver 1.6.5 it appears correct using same template on events coming from 4 collectors. is there version incompatibility or some bug in ver 3.0.2a Regards, -Manish
Hi! On Thu, 2009-07-16 at 20:25 -0700, Arya, Manish Kumar wrote:
Hi,
template("'$HOST'|'$FACILITY'|'$PRIORITY'|'$PROGRAM'|'$MONTH $DAY$ $YEAR $HOUR:$MIN:$SEC'|'$MSGONLY'\n"));
but here in $HOST I am getting name of central syslog server instead of actual host.
While in ver 1.6.5 it appears correct using same template on events coming from 4 collectors.
is there version incompatibility or some bug in ver 3.0.2a
Maybe we can call it version incompatibility. There is an option called keep_hostname. IIRC the default of this option is changed from True to False. If you set it to true, you could get the behavior you want. You should add "keep_hostname(yes);" to the option section.
perfect :-) its working fine now --- On Fri, 7/17/09, SZALAY Attila <sasa@pheniscidae.tvnetwork.hu> wrote:
From: SZALAY Attila <sasa@pheniscidae.tvnetwork.hu> Subject: Re: [syslog-ng] syslog-ng premium "$HOST" issue To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Friday, July 17, 2009, 11:15 AM Hi!
On Thu, 2009-07-16 at 20:25 -0700, Arya, Manish Kumar wrote:
Hi,
template("'$HOST'|'$FACILITY'|'$PRIORITY'|'$PROGRAM'|'$MONTH $DAY$ $YEAR $HOUR:$MIN:$SEC'|'$MSGONLY'\n"));
but here in $HOST I am getting name of central syslog server instead of actual host.
While in ver 1.6.5 it appears correct using same template on events coming from 4 collectors.
is there version incompatibility or some bug in ver 3.0.2a
Maybe we can call it version incompatibility. There is an option called keep_hostname. IIRC the default of this option is changed from True to False. If you set it to true, you could get the behavior you want.
You should add "keep_hostname(yes);" to the option section.
-----Inline Attachment Follows-----
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
oops this forked to another issue ;-) now actual hostnames are getting inserted in oracle db, so syslog-ng premium is counting these hostnames against license limits :-( we have 2 more offical licenses for 50 hosts I fear this is not going to work for us :( we have thousands of hosts in our network. any idea of cost for unlimited hosts license ? --- On Fri, 7/17/09, Arya, Manish Kumar <m.arya@yahoo.com> wrote:
From: Arya, Manish Kumar <m.arya@yahoo.com> Subject: Re: [syslog-ng] syslog-ng premium "$HOST" issue To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Friday, July 17, 2009, 11:32 AM
perfect :-) its working fine now
--- On Fri, 7/17/09, SZALAY Attila <sasa@pheniscidae.tvnetwork.hu> wrote:
From: SZALAY Attila <sasa@pheniscidae.tvnetwork.hu> Subject: Re: [syslog-ng] syslog-ng premium "$HOST" issue To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Friday, July 17, 2009, 11:15 AM Hi!
On Thu, 2009-07-16 at 20:25 -0700, Arya, Manish Kumar wrote:
Hi,
template("'$HOST'|'$FACILITY'|'$PRIORITY'|'$PROGRAM'|'$MONTH
$DAY$ $YEAR $HOUR:$MIN:$SEC'|'$MSGONLY'\n"));
but here in $HOST I am getting name of central syslog server instead of actual host.
While in ver 1.6.5 it appears correct using same template on events coming from 4 collectors.
is there version incompatibility or some bug in ver 3.0.2a
Maybe we can call it version incompatibility. There is an option called keep_hostname. IIRC the default of this option is changed from True to False. If you set it to true, you could get the behavior you want.
You should add "keep_hostname(yes);" to the option section.
-----Inline Attachment Follows-----
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
participants (2)
-
Arya, Manish Kumar
-
SZALAY Attila