[syslog-ng]re-writing hostnames before sending over TCP

[Thomas Morin]

Quote nate <syslog-ng@aphroland.org>:
 | 
 | thanks! yep that seemed to work(changing /etc/hosts), I thought about it
 | yesterday but didn't try it..but it looks like the log4j stuff isn't good
 | enough, it's not obeying the configuration 100% which makes it very
 | difficult
 | to filter(I set it to log to facility local6 but a buncha stuff still
 | comes
 | through using the facility user, also I am having it preappend some text
 | for filtering further, but that preappend doesn't occur on all entries),
 | so looks like I won't be able to use syslog for log4j. was worth a shot
 | at least, had high hopes! thanks again for the quick response

Well, what happens is that log4j uses the conversion pattern for the main part
of a message, but doesn't use it for appending the information related to a
throwable (java exception) given with the log message. I guess that this is
what is happening to you. Where I work, we have adapted the SyslogAppender
(inheriting from it, with an adapted append method, that adds a NULL chars in
the end of the messages (to work around a bug in syslog-ng)); you could very
well adapt it also to preprend something to the messages.

-Thomas