[syslog-ng] re-writing hostnames before sending over TCP

nate syslog-ng@lists.balabit.hu
Wed, 29 Oct 2003 15:04:44 -0800 (PST)


Thomas Morin said:

> I believe that syslog-ng, when no hostname is provided in the message itself,
> creates a hostname by re(ver)solving the IP. Perhaps 127.0.0.1 (source IP of
> the message) is just resolving back to plain 'localhost' and this is what
> your syslog-ng logs. In this case you could just tweak your /etc/hosts to make
> 127.0.0.1 resolve back to the hostname you want instead of localhost.
>
> Otherwise, you may try to adapt the conversion pattern of the log4j syslog
> appender to include the hostname, but you may end up in a situation where you
> have to make some Java code to generate the conversion pattern (there is no
> %"something" that gives the hostname...).

Thanks! Yep, that seemed to work (changing /etc/hosts). I thought about it
yesterday but didn't try it. But it looks like the log4j stuff isn't good
enough: it's not obeying the configuration 100%, which makes it very difficult
to filter (I set it to log to facility local6 but a buncha stuff still comes
through using the facility user; also I am having it prepend some text
for filtering further, but that prepend doesn't occur on all entries),
so it looks like I won't be able to use syslog for log4j. Was worth a shot
at least, had high hopes! Thanks again for the quick response.

nate
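
Added example, not part of the original message and not syslog-ng's own code: a small Python model of the two behaviours discussed in this thread, decoding the facility from the `<PRI>` value (local6 versus user) and falling back to a reverse lookup of the source IP when the message carries no RFC 3164 header. The `HOSTS` table stands in for `/etc/hosts`, and the sample messages and the name `web-prod-1` are constructed for illustration.

```python
import re

# RFC 3164 facility codes 0..23, in numeric order.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()

# Constructed stand-in for /etc/hosts reverse lookups (assumption).
HOSTS = {"127.0.0.1": "localhost", "192.0.2.10": "app01"}

PRI = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# RFC 3164 header after <PRI>: "Mmm dd hh:mm:ss HOSTNAME "
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$", re.S)

def classify(raw, source_ip, hosts=HOSTS):
    """Decode facility/severity and say where the host name came from."""
    m = PRI.match(raw)
    if m and int(m.group(1)) <= 191:
        pri, rest = int(m.group(1)), m.group(2)
    else:
        # RFC 3164: a message without a valid PRI is treated as user.notice (13).
        pri, rest = 13, raw
    h = HEADER.match(rest)
    if h:
        host, origin, msg = h.group(1), "message", h.group(2)
    else:
        # No header in the message: name the sender from its source IP.
        host, origin, msg = hosts.get(source_ip, source_ip), "reverse-lookup", rest
    return {"facility": FACILITIES[pri >> 3], "severity": pri & 7,
            "host": host, "host_from": origin, "msg": msg}

# Constructed sample messages: 182 = local6.info, 14 = user.info.
SAMPLES = [
    ("<182>APP: request handled", "127.0.0.1"),
    ("<14>java.lang.IllegalStateException: boom", "127.0.0.1"),
    ("<182>Oct 29 15:04:44 app01 APP: started", "192.0.2.10"),
]

if __name__ == "__main__":
    for raw, ip in SAMPLES:
        r = classify(raw, ip)
        # Flag entries a "facility(local6)" filter would miss.
        flag = "" if r["facility"] == "local6" else "  <-- not local6"
        print(f'{r["facility"]}.{r["severity"]} host={r["host"]} '
              f'({r["host_from"]}) {r["msg"]}{flag}')
```

Running the samples through a check like this on captured traffic shows which entries arrive with an unexpected facility or without the expected prefix before a filter is written around them.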