Selective application of keep-hostname()?
I have a use case where I need to selectively apply keep-hostname(yes) to messages from certain source IPs, while defaulting to keep-hostname(no) for the rest of my sources. I know I can apply this option on a per-source basis, but in this case I want to be able to selectively apply this option based on the source IP of the message. I'm trying to avoid having to set up an alternate port if I can. Thanks Steve
Hello, The keep-hostname cannot be applied based on message content. You could do exactly as you stated with multiple sources, or as an alternative use a rewrite to set hostname conditionally. First set keep-hostname to yes, and add a conditional *set* to use $HOST_FROM value. rewrite { set("$HOST_FROM" value("HOST") condition("${SOURCEIP}" eq "127.0.0.1")); }; -- Kokan ________________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Steve Bernacki <steve@copacetic.net> Sent: 29 November 2021 21:41 To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Selective application of keep-hostname()? CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. I have a use case where I need to selectively apply keep-hostname(yes) to messages from certain source IPs, while defaulting to keep-hostname(no) for the rest of my sources. I know I can apply this option on a per-source basis, but in this case I want to be able to selectively apply this option based on the source IP of the message. I'm trying to avoid having to set up an alternate port if I can. Thanks Steve ______________________________________________________________________________ Member info: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=04%7C01%7Cpeter.kokai%40oneidentity.com%7C38fe75a710404f01f4cc08d9b378a32c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637738152997971289%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=StmreyM%2BOhehLZ3MnV5%2FuJD%2FK7Qpfqvk2Ce2LLjDBDI%3D&reserved=0 Documentation: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=04%7C01%7Cpeter.kokai%40oneidentity.com%7C38fe75a710404f01f4cc08d9b378a32c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637738152997971289%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=zSZPhvZP7h6ccYseeUag%2FrUDA06eOWb0a3RQhCiNrNM%3D&reserved=0 FAQ: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=04%7C01%7Cpeter.kokai%40oneidentity.com%7C38fe75a710404f01f4cc08d9b378a32c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637738152997971289%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qkHvuxq5Tf9lJlhCkbeXieres4H1pKFXdPvvXsUxYQQ%3D&reserved=0
participants (2)
-
Peter Kokai (pkokai)
-
Steve Bernacki