Hi!
I would like to log several computers which are behind NAT. The problem is I cannot find the right method to log by the hostname, not by the IP reverse name from where the packets come.
But I got this:
Oct 1 02:34:27 external ip/external ip
Is there a possibility to divide the logs by the original hostname?
thx
If the records received by syslog-ng contain the host name it will use this by default. The answer may lie in how you configure syslog on the hosts themselves. From memory syslog-ng uses the host name info in the packets by default.

Russell

Istvan Szukacs wrote:
> Hi!
> I would like to log several computers which are behind NAT. The problem is I cannot find the right method to log by the hostname, not by the IP reverse name from where the packets come.
> But I got this:
> Oct 1 02:34:27 external ip/external ip
> Is there a possibility to divide the logs by the original hostname?
> thx

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Depending on how your syslog-ng file is set up and assuming that the syslog data received is only IP address, I would make sure your DNS is set up correctly. Make sure all hosts have both forward and reverse entries in your DNS servers. That's how my implementation is working. As long as my hosts have a reverse entry in DNS, syslog-ng is logging by name.

Chris

On 10/4/06, Russell Fulton <r.fulton@auckland.ac.nz> wrote:
> If the records received by syslog-ng contain the host name it will use this by default. The answer may lie in how you configure syslog on the hosts themselves. From memory syslog-ng uses the host name info in the packets by default.
>
> Russell
>
> Istvan Szukacs wrote:
> > Hi!
> > I would like to log several computers which are behind NAT. The problem is I cannot find the right method to log by the hostname, not by the IP reverse name from where the packets come.
> > But I got this:
> > Oct 1 02:34:27 external ip/external ip
> > Is there a possibility to divide the logs by the original hostname?
> > thx
On Wed, Oct 04, 2006 at 01:47:58PM +0200, Istvan Szukacs wrote:
> Hi!
> I would like to log several computers which are behind NAT. The problem is I cannot find the right method to log by the hostname, not by the IP reverse name from where the packets come.
> But I got this:
> Oct 1 02:34:27 external ip/external ip
> Is there a possibility to divide the logs by the original hostname?

Most syslog implementations don't send the hostname in the syslog message over the network.
http://www.campin.net/syslog-ng/syslog.html#problems

If you have syslog-ng on the clients behind the NAT gateway, set keep_hostname(yes) on the central syslog server.
http://www.campin.net/syslog-ng/faq.html#hostname

--
Nate

"Let us endeavour to live that when we come to die even the undertaker will be sorry." - Pudd'nhead Wilson's Calendar(1894) - Samuel Clemens
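
An added example, not part of the thread and not the syslog-ng project's own configuration, of the setup Nate describes: syslog-ng on the NAT'd clients and keep_hostname(yes) on the central server, with one log directory per original hostname. The source and destination names, the /var/log/hosts path and the 192.0.2.10 server address are assumptions.

```conf
# --- Central server (syslog-ng); constructed example ---
options {
    keep_hostname(yes);    # keep the HOST field carried inside each message
                           # instead of replacing it with the sender address,
                           # which is the NAT gateway for every client
    chain_hostnames(no);   # store a single name, not a "relay/host" chain
    use_dns(no);           # all NAT'd clients share one sender address, so
                           # reverse DNS cannot tell them apart
    create_dirs(yes);      # create the per-host directories on demand
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# $HOST expands to the hostname kept from the message: one directory per client.
destination d_per_host { file("/var/log/hosts/$HOST/messages"); };

log { source(s_net); destination(d_per_host); };

# --- Client behind the NAT gateway (syslog-ng); constructed example ---
# 192.0.2.10 is a placeholder for the central server's address.
source s_local { unix-stream("/dev/log"); internal(); };
destination d_central { udp("192.0.2.10" port(514)); };
log { source(s_local); destination(d_central); };
```

With keep_hostname(yes) the stored name is whatever the sender wrote into the message, and UDP syslog is unauthenticated, so limit which addresses can reach port 514 on the central server.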
participants (4)
- Istvan Szukacs
- Nate Campi
- Russell Fulton
- sawall