I have about a hundred machines logging to a central syslog-ng loghost, most over standard UDP, a handful relayed from a syslog-ng loghost (over TCP) in a datacenter to the central loghost. The problem I'm having is this: we have two hosts named ns1 (who could imagine that?). The first logs over UDP (solaris 8) to the central loghost. I decided to put the second (hostname is configured as ns1.sjc, running - solaris 2.6) logging from syslog-ng over TCP to the loghost. I've always had good luck with the syslog-ng TCP connections keeping the hostname as sent from the TCP client syslog-ng. This time, though, the messages both on the TCP client and central syslog-ng server report the host as ns1. I want it to be ns1.sjc, and the two hosts will log differently, and archive differently. I archive with lines like this: file("/var/log/HOSTS/$HOST/$FACILITY/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; log { source(src); destination(hosts); }; So it's critical that I get a different hostname for the two hosts. Can I somehow set the hostname for syslog-ng to log as? `hostname` reports ns1.sjc on the host, so why can't I use that? I've mucked around with options like keep_hostname and long_hostnames but they just seem to stick the "source" name on the messages, not what I need. Any ideas? -- Nate