[syslog-ng] rhost field

ken.schweiker at faa.gov ken.schweiker at faa.gov
Wed Dec 28 21:45:30 CET 2005

Thanks. Meanwhile I finally read the bottom of these responses and went to
www.campin.net/syslog-ng/faq.html. It was very helpful!

It explained the header problem I think .....
Many syslog programs, when configured to relay messages on to another
syslog program on another host, will leave out certain parts of the syslog
message - complicating proper identification of certain fields.
The sysklogd program used as a syslog server for many Linux distributions
also leaves out fields. It leaves out the time/date information and the
hostname information (the entire "header").

So it sounds like I'll have to install syslog-ng on all the downstream
servers also. Thanks.

On Wed, Dec 28, 2005 at 01:45:26PM -0500, ken.schweiker at faa.gov wrote:
> options { keep_hostname(no); use_dns(no); sync(0); };\

Turn off long hostnames and you should start seeing the remote IP in the


See this URL for hostname options:


Keep the use_dns(no) since you want IP's.

"A computer will do what you tell it to do, but that may be much
different from what you had in mind." - JOSEPH WEIZENBAUM, quoted in

syslog-ng maillist  -  syslog-ng at lists.balabit.hu
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list