[syslog-ng]Syslog Chaining doesn't work as expected

Wiktor Wodecki wodecki@wapme-systems.de
Fri, 23 Mar 2001 12:04:38 +0100 

Hello folks,

I've got a problem with chaining syslog messages. Basically I try to
forward syslog messages via a host to our loggingserver, but the
loggingserver doesn't get that's it's from an other host and not the
"forwarder". Here is my setup:

LOGGINSERVER (valid IP adress)
|
|
GATESERVER (valid IP adress + internal 192.x.x.x adress on second nic)
|
|
SERVER (internet IP)

Gateserver and Server both shall log to LOGGINGSERVER. This is my
logserver setup:

options { long_hostnames(yes); sync(0); time_reap(1);
use_time_recvd(yes); use_dns(yes); use_fqdn(yes); create_dirs(yes);
log_fifo_size(10000); chain_hostnames(no); };

source frontier { tcp(ip(xx.xxx.x.xxx) port(540) max-connections (20));
}
destination blackhole { file("/var/log/frontier/$YEAR$MONTH/$HOST"); };
log { source(frontier); destination(blackhole); }

as you see it logs everything from a connecting host to an own file.

If I forward the logs from SERVER via GATESERVER, the loggingserver
writes all logfiles of SERVER to the logfile of GATESERVER since it sees
it coming from the IP. That's correct and that's how it supposed to work
(documentation).

now if I switch the option chain_hostnames to yes it does what I want,
it writes an own logfile for SERVER. However, it stops writing fqdn's
and start writing the logs with the canonical name of the machines. An
example:

Before I turn chain_hostnames to yes it logs file from the machine
abc.de.fg to a file called "abc.de.fg" - If I turn the option on it
starts logging to the file "abc". Since I have many machines with the
same name but with different fqdn's I can't use that. Since I've turned
on logn_hostnames and use_fqdn I'm a bit curious what to do. Is this a
bug or did I miss an option in the docs? All hosts are in /etc/hosts on
the Loggingserver and all three machines use current stable release
1.4.11.

Thanks in advance for the help

-- 
Regards,

Wiktor Wodecki, Unix Administration | Wapme-Systems AG
Tel.: +49-211-748450 | Muensterstrasse 248
Fax: +49-211-74845176 | 40470 Duesseldorf
E-Mail: wodecki@wapme-systems.de | http://www.wapme-systems.de
1024/E22253B9 084C 7950 4D65 0E92 46D1 48AF F3F7 3201 E222 53B9