[syslog-ng] rhost field
Balazs Scheidler
bazsi at balabit.hu
Wed Dec 28 17:39:42 CET 2005
On Wed, 2005-12-28 at 10:28 -0500, ken.schweiker at faa.gov wrote:
>
>
>
> I hope someone can answer a few basic questions to help with my previously
> described problem. Since I have not used syslog before....
>
> Is the rhost field where I should see some value? specifically the
> originating ip address of the msg.?
> my field is blank.
> Does anyone else use the version 1.6.2. and not have this problem?
Uh huh, you mean the rhost field _inside_ the message part?
Dec 23 17:50:12 suselog/suselog su(pam_unix)[13205]: authentication failure; logname=syss555 uid=500 euid=0 tty=pts/4 ruser=syss555 rhost= user=root
In this case this has nothing to do with syslog-ng as it never touches
the message itself (e.g. anything after the hostname in the header
suselog/suselog in the case above)
--
Bazsi
More information about the syslog-ng
mailing list