[syslog-ng]chain_hostname(yes) complicates use of $HOST variable
Balazs Scheidler
bazsi@balabit.hu
Mon, 18 Sep 2000 16:07:22 +0200
> I wasn't, but grabbed and installed the bison package and rebuilt and
> installed the syslog-ng package this morning. I get the same error. Before
> we spend a lot of time on this though, how will messages look different
> using keep_hostnames vs chain_hostnames? Will using keep_hostnames get rid
> of the logging problem I first reported due to src, Message, and last being
> prepended to the messages?
When syslog-ng receives a message it tries to rewrite the hostname it
contains unless keep_hostname is true. If the hostname is to be rewritten
(e.g. keep_hostname is false), it checks whether chain_hostnames (or
long_hostname which is an alias for chain_hostnames) is true. If
chain_hostnames is true, the name of the host syslog-ng received the message
from is appended to the hostname, otherwise it's replaced.
So if you have a message which has hostname "server", and which resolves to
"server2", the following happens:
keep_hostname(yes) keep_hostname(no)
chain_hostname(yes) server server/server2
chain_hostname(no) server server2
I hope this makes things clear.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt