[syslog-ng]chain_hostname(yes) complicates use of $HOST varia ble

Hamilton, Andrew Mr. HamiltonA@hq.5sigcmd.army.mil
Thu, 14 Sep 2000 13:45:22 +0200 

I use syslog-ng on Solaris 7 but before that I used it on 2.6.  I do
something very similar to what you are doing in that I log my cisco stuff to
local7 as well.  I haven't had any problems with it at all.  All the cisco
stuff goes where it should.  I would have to look at the config file to see
if there  is something wrong there.  Your source statement is identical to
mine so that seems OK.  I don't use chain_hostname() because I don't
particularly care where it came through I only want to know where it came
from so I use keep_hostname(yes).  This keeps only the originating hostname.
Hope this helps some.

Drew

> -----Original Message-----
> From:	John A. Parker [SMTP:jap54@cornell.edu]
> Sent:	Thursday, September 14, 2000 12:55 PM
> To:	syslog-ng@lists.balabit.hu
> Subject:	[syslog-ng]chain_hostname(yes) complicates use of $HOST
> variable
> 
> Per the extracts from our syslog-ng.conf file shown below, our syslog
> server logs messages to machine specific locations based on the sourcing
> host name. After turning on the chain_hostnames option, the host name
> value in log messages now appear as concatenations of strings. For the
> most part they appear similar to:
> 
> aaaa.bbbb.cornell.edu/aaaa.bbbb.cornell.edu
> 
> Messages like the above are still logged correctly. However, we now also
> get messages in the formats:
> 
> src@aaaa
> 
> and
> 
> Message/aaaa.bbbb.cornell.edu
> last/aaaa.bbbb.cornell.edu
> 
> The first message (src delimited by an ampersand) is logged correctly.
> However, the messages prefixed by Message and last are logged to the
> directories /logs/machine_specific/Message and
> /logs/machine_specific/last.
> 
> Is there a variable other than $HOST I should be using when the
> chain_hostnames option is enabled? 
> 
> Thanks!
> 
> ##########################################################################
> #############
> 
> options { long_hostnames(off);
>           use_fqdn(yes);
>           log_fifo_size(1000);
>           chain_hostnames(yes); };
>  
> source src { unix-dgram("/dev/log"); internal(); udp(ip(0.0.0.0)
> port(514)); };
>  
> destination d_all_ms
>               {
> file("/logs/machine_specific/$HOST/all.$LEVEL.$YEAR$MONTH$DAY"
>                 group(systems) perm(0664) dir_perm(0664) create_dirs(yes)
> );};
>  
> # NO CISCO (local7) messages:
> filter f_no_cisco { not facility(local7); };
>  
> # Forward all messages to machine specific log monitored by system admins
> log { source(src);
>       filter(f_no_cisco);
>       destination(d_all_ms);
>     };
> 
> ##########################################################################
> #############
> 
> 
> 
> ---
> 
> John A. Parker        Senior Programmer/Analyst - AIX      Cornell
> University
> jap54@cornell.edu   607-255-9356  607-255-8521 (Fax)