[syslog-ng] Losing Original Information from Forwarded syslog Messages
Balazs Scheidler
bazsi@balabit.hu
Tue, 12 Sep 2000 10:47:40 +0200
On Mon, Sep 11, 2000 at 10:10:00AM -0400, John A. Parker wrote:
> We are using syslog-ng on an AIX system as the collection point for a large
> network of IBM, Sun, and "communication device" systems. In addition to
> logging the received messages, syslog-ng forwards all messages on to named
> pipes which are monitored by a daemon whose task it is to "real-time" watch
> for "configurable" activity. (e.g.: "connection refused" messages from a
> single external system occurring on multiple of our systems, etc.) All of
> this is working just fine.
>
> We have one Sun server which acts as the focus for messages from our CISCO
> routers. That server forwards its messages on to our central syslog-ng
> server. We now want to watch for failure condition messages from those
> communication devices, making use of the daemon already in place. What
> we're faced with though is the stripping of the original source detail when
> the Sun box's syslogd forwards the message.
>
> As an example of what we're facing, please see below the source substitution
> performed by syslogd on the forward.
>
> The original message (obviously with a bogus hostname) as logged on
> the Sun server is:
>
> Sep 11 09:42:01 dddd.ddd.ddd.ddd 2939: Sep 11 09:41:59 EDT:
> %LINK-4-ERROR: FastEthernet0/7 is experiencing errors
>
> While that received by syslog-ng in the AIX system is:
>
> Sep 11 09:40:57 ssss.sss.sss.sss 2939: Sep 11 09:41:59 EDT:
> %LINK-4-ERROR: FastEthernet0/7 is experiencing errors
>
>
> My question is this: Is there a way to configure syslogd or syslog-ng so
> that the entire original message is forwarded?

Enable the chain_hostnames option in syslog-ng. It'll change the log format,
but information is not lost. Alternatively you could use the keep_hostname()
option, in which case hostnames are not touched by syslog-ng.

options { keep_hostname(yes); };

or

options { chain_hostnames(yes); };

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
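
An added example, not part of the original message: a small Python check that the collector's log no longer attributes relayed messages to the relay itself after keep_hostname() or chain_hostnames() is enabled. The sample lines are constructed from the placeholder hostnames above, the function names are hypothetical, and the "/"-separated chained host field is an assumption about the chained format, so compare it with your own output.

```python
import re

# BSD-style line as written by the collector: "Mmm dd hh:mm:ss HOST rest"
LINE_RE = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} (\S+) (.*)$")

# Constructed sample input, built from the placeholder hostnames in the thread.
SAMPLE_LINES = [
    # Host field replaced by the relay: the originating router is lost.
    "Sep 11 09:40:57 ssss.sss.sss.sss 2939: Sep 11 09:41:59 EDT: "
    "%LINK-4-ERROR: FastEthernet0/7 is experiencing errors",
    # Host field left untouched: what keep_hostname(yes) is meant to give.
    "Sep 11 09:42:01 dddd.ddd.ddd.ddd 2939: Sep 11 09:41:59 EDT: "
    "%LINK-4-ERROR: FastEthernet0/7 is experiencing errors",
    # Chained host field (assumed "/"-separated): origin still present.
    "Sep 11 09:42:01 dddd.ddd.ddd.ddd/ssss.sss.sss.sss 2939: Sep 11 09:41:59 EDT: "
    "%LINK-4-ERROR: FastEthernet0/7 is experiencing errors",
    "truncated line without a syslog header",
]

def origin_lost(host_field, relays):
    """True when every component of the host field is a known relay."""
    # Order-independent on purpose: any non-relay component counts as an origin.
    return all(part in relays for part in host_field.split("/"))

def audit(lines, relays):
    """Count host fields whose origin was lost or kept, plus unparsable lines."""
    result = {"lost": {}, "kept": {}, "unparsed": 0}
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            result["unparsed"] += 1
            continue
        host = match.group(1)
        bucket = "lost" if origin_lost(host, relays) else "kept"
        result[bucket][host] = result[bucket].get(host, 0) + 1
    return result

if __name__ == "__main__":
    report = audit(SAMPLE_LINES, relays={"ssss.sss.sss.sss"})
    for bucket in ("lost", "kept"):
        for host, count in sorted(report[bucket].items()):
            print(f"{bucket:5} {count:4} {host}")
    print(f"unparsed lines: {report['unparsed']}")
```

A non-empty "lost" bucket for a relay after the configuration change means the collector is still overwriting the host field for that path.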