[syslog-ng]re-writing hostnames before sending over TCP

nate syslog-ng@lists.balabit.hu
Tue, 28 Oct 2003 18:10:04 -0800 (PST)


I am trying to configure a semi-secure syslog setup. The primary
program that will be logging to it is Java via log4j. log4j apparently
cannot log to a socket with syslog (as far as I can tell?) only to
a udp source, so I configured syslog-ng to bind to 127.0.0.1 on
port 514 tcp/udp and it receives the messages fine but the 'host'
that is being logged is localhost. I can re-write the log entries
using a template for local files but I can't seem to get it working
for sending to a remote syslog server. No matter what options I
use it always ends up either localhost or 127.0.0.1 for the hostname.
One thing I haven't tried is setting up a filter on the remote server
using the host() option but I don't think it would work because the
host there would be localhost too not the host of the server sending
the message ?

Is there a way to get syslog-ng to ignore the hostname that's in
the message itself and use the hostname/ip of the system that is
actually sending the message? Or is there another way to accomplish
this while keeping syslog-ng bound to the loopback interface?

On the local server I also have syslog-ng logging everything to a file,
and without using the template all log entries from log4j also appear
as being from the host 'localhost'.

I suppose I could have log4j log directly to the remote server but
would rather use the local one as a buffer in case there is a network
problem or something.

Using syslog-ng 1.5.26 (on both systems). If I need to upgrade I
could ..

thanks!

nate