I watched with interest the small discussion that I started on the mailing list, but it never really reached a good conclusion. I would really appreciate it if you could clarify a couple things....

When a syslog message arrives via UDP, can't you just record the IP address of the host that sent it? Or is this somehow the job of the device that is sending logs, to send it's hostname along? I am still trying to figure out why when our Riverstone routers send logs, there is no device name or IP address recorded. Our NOC engineers can't tell what device sent the message...

there are the following options to control hostname generation. keep_hostname() chain_hostname() keep_hostname tells syslog-ng not to modify received hostname field. if keep_hostname is off, it always overwrites received hostname, if chain_hostnames() if on, it appends the hostname the message was received from to the hostname, otherwise it replaces the received value. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1