[syslog-ng] rhost field

ken.schweiker at faa.gov
Wed Dec 28 21:45:30 CET 2005





Thanks. Meanwhile I finally read the bottom of these responses and went to
www.campin.net/syslog-ng/faq.html. It was very helpful!

It explained the header problem I think .....
Many syslog programs, when configured to relay messages on to another
syslog program on another host, will leave out certain parts of the syslog
message - complicating proper identification of certain fields.
....and......
The sysklogd program used as a syslog server for many Linux distributions
also leaves out fields. It leaves out the time/date information and the
hostname information (the entire "header").

So it sounds like I'll have to install syslog-ng on all the downstream
servers also. Thanks.





On Wed, Dec 28, 2005 at 01:45:26PM -0500, ken.schweiker at faa.gov wrote:
>
> options { keep_hostname(no); use_dns(no); sync(0); };

Turn off long hostnames and you should start seeing the remote IP in the
logs:

long_hostnames(off);

See this URL for hostname options:

 http://www.campin.net/syslog-ng/faq.html#hostname

Keep the use_dns(no) since you want IPs.
--
Nate

"A computer will do what you tell it to do, but that may be much
different from what you had in mind." - JOSEPH WEIZENBAUM, quoted in
Time
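
Added example (not part of the original messages and not syslog-ng's own code): a small Python model of the header problem the FAQ excerpt describes, showing how a receiver can tell a full BSD-syslog header from a header-less relayed line and fall back to the sender's address. The function names, the keep_hostname parameter (named after the option in the thread) and the sample lines in the test are assumptions constructed for illustration.

```python
import re

# BSD syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text
# The timestamp + hostname part is optional here because, per the FAQ text
# quoted above, some relays (e.g. sysklogd) forward only <PRI>TAG: text.
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) )?"
    r"(?P<msg>.*)$",
    re.S,
)


def naive_host(payload: bytes) -> str:
    """What a parser that assumes the header is always present reports."""
    fields = payload.decode("utf-8", "replace").split(">", 1)[-1].split()
    return fields[3] if len(fields) > 3 else ""


def parse_datagram(payload: bytes, peer_ip: str, keep_hostname: bool = False) -> dict:
    """Split one received datagram and decide which host name to record.

    peer_ip is the address the packet arrived from. The hostname inside
    the message is chosen by the sender, so it is only used when the
    header is present and the caller asked for it (keep_hostname=True).
    """
    text = payload.decode("utf-8", "replace").rstrip("\n")
    m = LINE.match(text)
    if m is None:
        # No <PRI> at all: RFC 3164 says to assume priority 13 (user.notice).
        return {"facility": 1, "severity": 5, "header_present": False,
                "claimed_host": None, "host": peer_ip, "msg": text}
    pri = int(m["pri"])
    header_present = m["ts"] is not None
    use_claimed = header_present and keep_hostname
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "header_present": header_present,
        "claimed_host": m["host"],          # None for header-less lines
        "host": m["host"] if use_claimed else peer_ip,
        "msg": m["msg"],
    }
```

For a header-less line the naive parser reports a word from the message text as the host, while parse_datagram records the sending address instead.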
