[syslog-ng]hostname on loghost

Hamilton, Andrew Mr RAYTHEON 5 SIG CMD HamiltonA@hq.5sigcmd.army.mil
Mon, 20 Aug 2001 06:57:36 +0200 

Nate,

In the options part using use_fqdn(yes) will give you the fully qualified
domain name.  There are other ways to do this as well.  Since 1 comes in tcp
and the other udp you could set up separate sources and base your
destinations on the sources, or something similar.  I would use the use_fqdn
option since I have the same problem as you except I have 7 ns1's.

regards,
Drew

-----Original Message-----
From: Nate Campi [mailto:nate@campi.cc]
Sent: Friday, August 17, 2001 10:17 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]hostname on loghost


I have about a hundred machines logging to a central syslog-ng loghost,
most over standard UDP, a handful relayed from a syslog-ng loghost (over
TCP) in a datacenter to the central loghost.

The problem I'm having is this: we have two hosts named ns1 (who could
imagine that?). The first logs over UDP (solaris 8) to the central
loghost. I decided to put the second (hostname is configured as ns1.sjc,
running - solaris 2.6) logging from syslog-ng over TCP to the loghost. I've
always had good luck with the syslog-ng TCP connections keeping the hostname
as sent from the TCP client syslog-ng.

This time, though, the messages both on the TCP client and central
syslog-ng server report the host as ns1. I want it to be ns1.sjc, and
the two hosts will log differently, and archive differently. I archive
with lines like this:

file("/var/log/HOSTS/$HOST/$FACILITY/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$
DAY"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };

log { source(src); destination(hosts); };

So it's critical that I get a different hostname for the two hosts. Can
I somehow set the hostname for syslog-ng to log as? `hostname` reports
ns1.sjc on the host, so why can't I use that?

I've mucked around with options like keep_hostname and long_hostnames
but they just seem to stick the "source" name on the messages, not what
I need.

Any ideas?
-- 
	Nate

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng