[syslog-ng] Preserving the Source device attributes while forwarding messages
Balazs Scheidler
bazsi@balabit.hu
Wed, 29 Dec 1999 22:54:05 +0100
On Wed, Dec 22, 1999 at 10:38:34AM -0800, Ofer_Aaronson@amat.com wrote:
> Hello,
>
> I'm a new member of this list and am trying to forward messages by invoking a
> logger command:
>
> The following is an example of a message received at the NMS system.
>
> Source Message
> temp00r1 %LINK-3-UPDOWN: Interface BRI1/3:1, changed state to down
>
> It would automatically invoke a logger command:
>
> % logger -p local7.notice -t temp00r1 %LINK-3-UPDOWN: Interface BRI1/3:1,
> changed state to down
>
> This command is run on hostname: Host-A
>
> The syslog-ng.conf file on Host-A looks like:
>
> options { long_hostnames(off); };
> destination temp00r1 { udp("Host-B" port(514)); };
> filter temp00r1 { program("temp00r1"); };
> log { source(local); filter(temp00r1); destination(temp00r1); };
>
> The above 'logger' command is received at the "Host-B" host as follows:
>
> Date Time      IP Address Source  Host Name Source  Facility  Priority  Message
> -------------  -----------------  ----------------  --------  --------  -------
> 12/22/99 2:19  Host-A's IP        Host-A            LOCAL7    NOTICE    Dec 22 2:18:37 Host-A temp00r1: %LINK-3-UPDOWN: Interface BRI1/3:1, changed state to down
>
> The desired received message would be:
>
> 12/22/99 2:19 temp00r1's IP temp00r1 LOCAL7 NOTICE Dec 22 2:18:37
> temp00r1 %LINK-3-UPDOWN: Interface BRI1/3:1, changed state to down
>
>
Syslog-ng simply replaces the received hostname with the name of the host
it received the message from. If you want to know the originating host, turn
on chain_hostnames() (long_hostnames() in earlier versions).
I may add an option to syslog-ng to prevent overriding source hostname if
chain_hostnames() is off.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
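
The hostname handling discussed in this thread, as an added example that is not part of the original post and is not syslog-ng code. It parses the line Host-B received (showing that logger -t put temp00r1 in the TAG field, not the HOST field) and models a relay that overwrites HOST with the sender's name. The function names, the "origin/relay" chain format, the <189> priority prefix and the second sample line are assumptions made for illustration.

```python
import re

# BSD-syslog style line: <PRI>TIMESTAMP HOST TAG: MSG
LINE = re.compile(
    r"<(\d{1,3})>([A-Z][a-z]{2} +\d{1,2} \d{1,2}:\d{2}:\d{2}) (\S+) ([^:\s]+): (.*)"
)

def parse(line):
    """Split a syslog line into its header fields and message text."""
    m = LINE.fullmatch(line)
    if m is None:
        raise ValueError("not a <PRI>TIMESTAMP HOST TAG: MSG line")
    pri = int(m.group(1))
    return {
        "facility": pri >> 3,   # 23 == local7
        "severity": pri & 7,    # 5 == notice
        "timestamp": m.group(2),
        "host": m.group(3),
        "tag": m.group(4),
        "msg": m.group(5),
    }

def relay(line, sender, chain=False):
    """Rewrite HOST as a relay would on receipt.

    chain=False: HOST becomes the name of the host the line came from.
    chain=True:  the original HOST is kept in front of the relay's name
                 (illustrative "origin/relay" format, an assumption).
    """
    f = parse(line)
    host = f"{f['host']}/{sender}" if chain else sender
    pri = f["facility"] * 8 + f["severity"]
    return f"<{pri}>{f['timestamp']} {host} {f['tag']}: {f['msg']}"

# Line from the thread, with the local7.notice priority prefix added (constructed).
LOGGER_LINE = ("<189>Dec 22 2:18:37 Host-A temp00r1: %LINK-3-UPDOWN: "
               "Interface BRI1/3:1, changed state to down")
# Constructed: what a device naming itself temp00r1 in HOST could send to a relay.
DEVICE_LINE = ("<189>Dec 22 2:18:37 temp00r1 link: %LINK-3-UPDOWN: "
               "Interface BRI1/3:1, changed state to down")

if __name__ == "__main__":
    print(parse(LOGGER_LINE))                        # host is Host-A, tag is temp00r1
    print(relay(DEVICE_LINE, "Host-A"))              # originating name is lost
    print(relay(DEVICE_LINE, "Host-A", chain=True))  # originating name is kept
```

The HOST field inside a message is whatever the sender wrote, so a collector that needs to trust it should compare it with the address the packet actually arrived from.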