[syslog-ng] Delay writing to files SOLVED!!!
Balazs Scheidler
bazsi at balabit.hu
Wed Dec 28 17:59:57 CET 2005
On Wed, 2005-12-28 at 08:57 -0800, Paolo Supino wrote:
> Hi
>
> Even thoguh thi never happened to anyone (acheiving uniqueness is
> hard work ;-)) I think that it's worth mentioning somewhere that when
> using host directive in a filter the name used must be the same as the
> name of te sending server....
it depends. the host() directive matches the host part in the message
which might have been rewritten by syslog-ng according to various
options keep_hostname(), use_dns() and of course similar options by the
sender server.
If the whole chain of syslog relays keep the hostname part intact then
you might be able to filter based on the original host name, but of
course this requires some trust in the relays as nothing authenticates
the hostname there.
--
Bazsi
More information about the syslog-ng
mailing list