[syslog-ng] rhost field

Balazs Scheidler bazsi at balabit.hu
Wed Dec 28 17:39:42 CET 2005

On Wed, 2005-12-28 at 10:28 -0500, ken.schweiker at faa.gov wrote:
> I hope someone can answer a few basic questions to help with my previously
> described problem. Since I have not used syslog before....
> Is the rhost field where I should see some value? specifically the
> originating ip address of the msg.?
>       my field is blank.
> Does anyone else use the version 1.6.2. and not have this problem?

Uh huh, you mean the rhost field _inside_ the message part?

Dec 23 17:50:12 suselog/suselog su(pam_unix)[13205]: authentication failure; logname=syss555 uid=500 euid=0 tty=pts/4 ruser=syss555 rhost= user=root

In this case this has nothing to do with syslog-ng as it never touches 
the message itself (e.g. anything after the hostname in the header 
suselog/suselog in the case above)

More information about the syslog-ng mailing list