[syslog-ng] rhost field

Nate Campi nate at campin.net
Wed Dec 28 22:03:26 CET 2005


On Wed, Dec 28, 2005 at 03:45:30PM -0500, ken.schweiker at faa.gov wrote:
> 
> Thanks. Meanwhile I finally read the bottom of these responses and went to
> www.campin.net/syslog-ng/faq.html. It was very helpful!
> 
> It explained the header problem I think .....
> Many syslog programs, when configured to relay messages on to another
> syslog program on another host, will leave out certain parts of the syslog
> message - complicating proper identification of certain fields.
> ....and......
> The sysklogd program used as a syslog server for many Linux distributions
> also leaves out fields. It leaves out the time/date information and the
> hostname information (the entire "header").
> 
> So it sounds like I'll have to install syslog-ng on all the downstream
> servers also. Thanks.

I'm glad you read that, but it might not really be clear enough on how
syslog-ng behaves in this situation.

What happens is that syslog-ng puts in a hostname based on the remote IP
or DNS name, and also uses the chained hostname format if configured to
do so. Don't bother putting syslog-ng everywhere just for that reason.

Let me know if this clears things up.
-- 
Nate

"The more I C, the less I see." 
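
The behaviour described in the reply above, sketched as a syslog-ng configuration for the central server. This is an added example, not part of the original message or the FAQ; the source and destination names, the listening address and the file path are assumptions chosen for illustration.

```conf
# Added example: central syslog-ng server receiving from downstream relays
# that may strip the header (timestamp and hostname), such as sysklogd.
# Names s_net / d_per_host and the path below are hypothetical.

options {
    # Do not trust the hostname field inside the received message.
    # syslog-ng fills in the host from the peer it actually received
    # the message from, so a missing header still yields a usable host.
    keep_hostname(no);

    # no  -> the host is recorded as the sender's IP address
    # yes -> the host is recorded as the sender's DNS name (needs working
    #        reverse DNS; lookups add latency and a dependency on the resolver)
    use_dns(no);

    # yes -> record the host in the chained hostname format
    # no  -> record a single host value only
    chain_hostnames(no);
};

# Listen for messages forwarded by the downstream servers.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# One file per sending host. Because keep_hostname(no) is set, $HOST comes
# from the network peer, not from text supplied inside the message.
destination d_per_host {
    file("/var/log/hosts/$HOST/messages" create_dirs(yes));
};

log {
    source(s_net);
    destination(d_per_host);
};
```

With keep_hostname(yes) the server would instead record whatever hostname the sender wrote into the message, which is only appropriate when every upstream relay is trusted to set it correctly.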


