[syslog-ng] host name treatment
Russell Fulton
r.fulton at auckland.ac.nz
Fri Aug 25 20:52:22 CEST 2006
Balazs Scheidler wrote:
>> And for the most part things are working as we would expect, but a few
>> of our client hosts insist in putting stuff in the host field of the
>> syslog records and this is turning up in the HOST variable rather that
>> the domain name of the source system. Originally we had keep_hostname
>> (yes) so this was the expected behaviour. I have now changed the config
>> file and restarted syslog-ng but it is still writing to the records to a
>> file with the hostname in the packets.
>
> hmm.. with the keep_hostname(no) setting, syslog-ng should always
> reverse resolve the sending IP address, so it should have a proper
> hostname in it as long as your DNS/hosts file is ok.
>
hmmm... indeed. changing the macro in the file name template from HOST
to HOST_FROM resolved the issue for us. We are still using HOST in the
record template and that is still showing SRS.
If I get time I'll do some more experimenting in the lab to see if I can
figure out exactly what is going on. In particular to make sure that it
isn't something stupid that I am doing.
Anyone know of a script that will put together syslog packets for test
purposes?
Cheers, Russell
More information about the syslog-ng
mailing list