[syslog-ng] replacing part of prog name with hostname

Nate Campi nate@campin.net
Thu, 2 Jan 2003 15:21:56 -0800


On Thu, Jan 02, 2003 at 10:43:45AM +0100, Balazs Scheidler wrote:
> 
> The problem is ctlds sends a space in the program name tag, thus syslog-ng
> interprets 'ctlds' as hostname and '6.0' as program name. As
> keep_hostname() is set to no, it rewrites the originating host name.
> 
> Try setting keep_hostname() to yes, it will not touch the hostname then.

Right, but "ctlds" isn't the hostname, larry is. My logs are wrong either
way - I either lose half my program name or get the wrong hostname.
Either way I lose.

Arg, I actually wrote my own syslog daemon to relay and rewrite all
these last year. The only way to fix this with syslog-ng would be to add
a feature like

 options {
  bad_hostnames("ctlds","last");
 };

When syslog-ng sees either of these:

 Jan  2 15:06:47 ctlds 6.0[11718]: [0] Request error (500): Template processing error
 Jan  2 15:06:47 last message repeated 123 times

It knows to actually shift the message over one place to the right and
stick the value of the $FULLHOST_FROM macro in there. Even if I tried
templating out the message on my own, syslog-ng will still think that
"ctlds" or "last" isn't part of the message and it'll get lost.
-- 
Nate Campi   http://www.campin.net 

Radioactive cats have 18 half-lives.
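
The shift proposed in the message above, as an added example that is not part of the original post and is not syslog-ng code: a small Python parser showing how each setting attributes the two quoted lines, and what a bad_hostnames-style list would change. The function name parse, its parameters and both regular expressions are assumptions made for illustration.

```python
import re

# Timestamp, then everything after it, of a BSD-style syslog line.
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<rest>.*)$")
# Program tag, optional [pid], then ": ". The tag is allowed to contain a space.
TAG_RE = re.compile(r"^(?P<program>[^:\[\]]+?)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

# The two lines quoted in the post; "larry" is the host that really sent them.
SAMPLES = [
    "Jan  2 15:06:47 ctlds 6.0[11718]: [0] Request error (500): Template processing error",
    "Jan  2 15:06:47 last message repeated 123 times",
]
BAD = ("ctlds", "last")  # tokens that must never be read as a hostname


def parse(line, sender, keep_hostname=False, bad_hostnames=()):
    """Split one line into ts/host/program/pid/message.

    sender plays the role of $FULLHOST_FROM (the peer the line came from);
    bad_hostnames is the hypothetical option proposed in the post.
    """
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("no syslog timestamp: %r" % line)
    first, _, remainder = m.group("rest").partition(" ")
    if first in bad_hostnames:
        # The token in the hostname slot is really the start of the payload:
        # shift everything one place right and attribute the line to the sender.
        host, payload = sender, m.group("rest")
    else:
        host = first if keep_hostname else sender
        payload = remainder
    out = {"ts": m.group("ts"), "host": host, "program": None, "pid": None,
           "message": payload}
    tag = TAG_RE.match(payload)
    if tag is not None:  # "last message repeated N times" carries no program tag
        out.update(program=tag.group("program"), pid=tag.group("pid"),
                   message=tag.group("msg"))
    return out


if __name__ == "__main__":
    for line in SAMPLES:
        for opts in ({}, {"keep_hostname": True}, {"bad_hostnames": BAD}):
            print(opts, parse(line, "larry", **opts))
```

Only the bad_hostnames case keeps both the real source host and the full "ctlds 6.0" tag, which is what later searches and alerts keyed on host or program rely on.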