[syslog-ng]RE: syslog-ng digest, Vol 1 #1042 - 12 msgs
Jay Davis
syslog-ng@lists.balabit.hu
Mon, 27 Oct 2003 08:07:31 -0500
This may be a bit late, but I am doing exactly the same thing you need
with network devices. I doubt you want chain_hostnames. This just puts
the chain of hostnames with the path (hosts) that the message has passed
through. We log to several (load balanced) dedicated syslog hosts, which
then forward the messages to an event management system. We also use
syslog-ng to then forward all messages to a central syslog system that
we have simple Web apps to peruse the messages. This last part will soon
be an appliance (can't mention the vendor). I have found that the
syslog-ng.conf.doc file in the contrib directory will have everything
you could possibly need to know about syslog-ng. Plus the very smart
peeps that read this listserv. Here are my options. I certainly hope
this helps. If you need to, feel free to give me a shout.
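options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);    # older name for chain_hostnames
    use_dns (yes);
    dns_cache_size (1000);
    dns_cache_expire_failed (5);
    use_fqdn (no);
    create_dirs (no);
    perm (0644);             # octal mode; a bare 644 is read as decimal
    keep_hostname (yes);     # keep the hostname carried in the message
};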
==========Christian's Part. ( Cut and paste job. )
My little brainless syslog-ng.conf below NEEDS the one option you see or
else the log file will refer to host as
"src@myhostname" instead of just "myhostname".
Please explain a little better what chain_hostnames
does/means and why it fixes this problem.
Is there some other simpler way to fix aforementioned
problem??
options {chain_hostnames(no);};
source src {unix-stream("/dev/log"); pipe("/proc/kmsg");
internal();};
destination dest {file("/var/log/messages");};
log {source(src); destination(dest);};
Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.
===========================
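
Added example (not part of the original post, and not syslog-ng's own code): a simplified Python model of how each hop sets the host field under chain_hostnames and keep_hostname, showing where "src@myhostname" comes from and why keep_hostname matters on relays. The "name/name" chaining format for relayed messages, the host names (router1, lb-syslog1, central) and the function names are assumptions made for illustration.

```python
# Simplified model of how one syslog-ng hop sets the HOST field.
# Assumption: relayed messages are chained as
# "<host in message>/<sender as seen by this hop>".

def host_field(incoming_host, sender, local_hostname, source_name,
               chain_hostnames, keep_hostname, is_local):
    """Return the HOST value one hop would write or forward.

    incoming_host  -- hostname carried inside the message ('' if none)
    sender         -- name this hop resolved for the peer (use_dns/use_fqdn)
    local_hostname -- this hop's own name
    source_name    -- name of the source statement, e.g. 'src'
    """
    if keep_hostname and incoming_host:
        return incoming_host              # trust the name in the message
    if is_local:
        if chain_hostnames:
            return f"{source_name}@{local_hostname}"
        return local_hostname
    if chain_hostnames:
        first = incoming_host or sender
        return f"{first}/{sender}"        # append the hop the message came from
    return sender                         # overwrite with the immediate sender


def through_relays(device, hops, chain_hostnames, keep_hostname):
    """Pass a device's message through a list of relay names (constructed)."""
    host, sender = device, device
    for relay in hops:
        host = host_field(host, sender, relay, "net",
                          chain_hostnames, keep_hostname, False)
        sender = relay                    # next hop sees this relay as the peer
    return host


if __name__ == "__main__":
    hops = ["lb-syslog1", "central"]      # constructed relay names
    for chain, keep in [(True, False), (False, False), (False, True)]:
        print(f"chain_hostnames={chain} keep_hostname={keep}:",
              through_relays("router1", hops, chain, keep))
    print("local:", host_field("", "", "myhostname", "src", True, False, True))
```

With chaining off and keep_hostname off, the last hop records the relay's name rather than the device's, which is the attribution loss that keep_hostname (yes) avoids on dedicated relay hosts.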