[syslog-ng] Full hostname available when tunnelling through stunnel?

[Alexi Papaleonardos]

Hi folks.

We have some of our more important hosts reporting our central syslog-ng 
servers via stunnel.  The downside seems to be that only the first 
"word" (unqualified) of the hostname makes its way to the loghost.  
Because of an well-intentioned but annoying host naming policy, we have 
a number of hosts named things like web002.abc and web002.xyz.  It would 
seem that this causes log files to become intermingled.

Here is the line we are using in one of the destination statements:

file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"

so both web002.abc and web002.xyz end up going to /var/log/HOSTS/web002/ 
.  We tried using $FULLHOST but instead of getting the value of hostname 
-f (at least on linux), like we hoped, we got something very strange, 
like s_sys at hostname, which evidently is trying to describe the chain of 
hosts the log message passed through (though we have no hosts named s or 
sys). 

Does anyone have experience or suggestions for getting around this 
problem?  Or perhaps there's a solution in a newer version of 
syslog-ng.  We are using syslog-ng 1.6.5 and libol 0.3.14.

Thanks!
Alexi