[syslog-ng] host name treatment

[Harry Hoffman]

Hey Russell,

This can usually be corrected by forcing the use of tcp as opposed to udp.

It doesn't work for all instances, I still haven't figured out why :-(

Cheers,
Harry

Russell Fulton wrote:
> Here are the options that we are using:
> 
> options {
>     sync (0);
>     time_reopen (10);
>     log_fifo_size (5000);
>     long_hostnames (on);
>     use_dns (yes);
>     use_fqdn (yes);
>     create_dirs (yes);
> };
> 
> And for the most part things are working as we would expect, but a few
> of our client hosts insist in putting stuff in the host field of the
> syslog records and this is turning up in the HOST variable rather that
> the domain name of the source system.  Originally we had keep_hostname
> (yes) so this was the expected behaviour.  I have now changed the config
> file and restarted syslog-ng but it is still writing to the records to a
> file with the hostname in the packets.
> 
> I have verified that I have edited the right file by then turning off
> use_fqdn  for a few seconds and seeing all the new directories turn up
> in the log directory (I've lost count of the time that I have spent
> hours tearing my hair out because I've edited the wrong copy of the file :)
> 
> This issue is causing real problems for us because we have some crappy
> monitoring software on our Solaris boxes which generates syslog records
> with "SRS" in the host field regardless of what the host name is and we
> have about 10 of these machines so all the records end up in one file on
> the central server and we can't tell which they are coming from.  I'd
> rather not chain host names which would seem to be the other solution.
> 
> We are running syslog-ng-2.0rc1 according to the source file.
> 
> 
> Cheers, Russell
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>