[syslog-ng]Recording relay instance

Hamilton, Andrew syslog-ng@lists.balabit.hu
Fri, 20 Jun 2003 08:51:11 -0400


Probably the closest thing to that right now is chain_hostnames(on) as a
global option.  You don't get what you really want but you get something
like:

20 June 2003 12:00:00 relay/host program:.....

As a hostname you get both the host it came through and the host it
originated from.  There isn't a macro defined for relay but you could
probably hack the code for chain_hostnames to give you a relay.  The only
trouble would be figuring it out if you have more than one relay.

-----Original Message-----
From: Michael Boman [mailto:michael.boman@securecirt.com]
Sent: Friday, June 20, 2003 6:58 AM
To: Syslog-NG ML
Subject: [syslog-ng]Recording relay instance


Hi,

I have some "problems" with syslog-ng. I have it deployed in several
networks, and some of these networks are sharing the same IP address
range and sometimes even the same IP address for certain hosts. This
means that I can't truly say that 192.168.51.4 is either the db server
in network A or the web server in network B.

I'd like to have a $RELAY macro so I can save the logs as

/LOGS/$RELAY/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$YEAR_$MONTH_$DAY

Where $RELAY is where the message came from (so with direct connections
it would be the same as $HOST, but with a syslog-ng in relay mode you
get the address/name of the relay host). Basically a "received from"
field.

Is this functionality planned, or does it already exist (checked out the
documentation but didn't see anything there)?

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com
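
Added example (not from the thread and not syslog-ng code): splitting the chained hostname that chain_hostnames(on) produces into a relay part and an originating host, and building the /LOGS/$RELAY/$HOST/... layout asked for above. Components that could escape the log root are rejected, because the hostname field is supplied by the sender. The function names, the "+" joiner for several relays, and the assumption that the originating host is the last component (as in the sample line in the reply) are this example's own.

```python
import re
from datetime import date
from pathlib import PurePosixPath

# Conservative hostname/IP component: no slash, no leading dot, so "" and
# "." / ".." can never be accepted as a directory name.
_LABEL = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.:-]{0,254}")


def split_chain(chained, origin_last=True):
    """Split a chained hostname into (relays, origin).

    Assumption: components are '/'-separated and the originating host is the
    last one, as in the reply's sample line. Pass origin_last=False if your
    syslog-ng puts the originating host first (relays then come back reversed).
    """
    parts = chained.split("/")
    for part in parts:
        if not _LABEL.fullmatch(part) or ".." in part:
            raise ValueError(f"unsafe hostname component: {part!r}")
    if not origin_last:
        parts.reverse()
    return parts[:-1], parts[-1]


def log_path(chained, facility, day, root="/LOGS", origin_last=True):
    """Build root/RELAY/HOST/YEAR/MONTH/DAY/FACILITY_YEAR_MONTH_DAY."""
    relays, origin = split_chain(chained, origin_last)
    if not re.fullmatch(r"[a-z0-9]+", facility):
        raise ValueError(f"unexpected facility: {facility!r}")
    # Direct connection: no relay in the chain, so RELAY equals HOST.
    # Several relays: keep the whole chain in one directory name, so the
    # tree depth stays fixed and no hop is lost.
    relay = "+".join(relays) if relays else origin
    y, m, d = f"{day.year:04d}", f"{day.month:02d}", f"{day.day:02d}"
    name = f"{facility}_{y}_{m}_{d}"
    return str(PurePosixPath(root, relay, origin, y, m, d, name))


if __name__ == "__main__":
    # Constructed sample values: the same IP address seen through two relays.
    for chained in ("relayA/192.168.51.4", "relayB/192.168.51.4", "dbhost"):
        print(log_path(chained, "auth", date(2003, 6, 20)))
```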