[syslog-ng] Removal of forwarder hostname ??
Balazs Scheidler
bazsi at balabit.hu
Mon Jan 23 10:05:27 CET 2006
The timestamp is not a valid BSD syslog timestamp, therefore syslog-ng
does not recognize it as a BSD syslog entry, adding its own header.
Support for this timestamp could be added to syslog-ng though (log.c,
parse_log_msg() function).
Too bad this is different from the message format used by Cisco PIX as
that is already supported.
On Sat, 2006-01-21 at 14:36 +0000, krishna y wrote:
>
> Hi,
>
> I have configured the Syslog-ng in HPUX and forwarding the messages to
> Ciscoworks
> The original message to Syslog-NG is as following:
>
> Jan 20 12:44:32 SYSNG.it.net CiscoDev01 7366: Jan 20 12:44:31.526 GMT:
> %SYS-5-CONFIG_I: Configured from 192.168.100.10 by snmp
>
> While forwarding to other syslog server, Syslog-NG is adding it's own
> host name to the message and sending as below:
>
> Jan 20 12:44:32 SYSNG.it.net CiscoDev01 7366: Jan 20 12:44:31.526 GMT:
> %SYS-5-CONFIG_I: Configured from 192.168.100.10 by snmp
>
> (Note:SYSNG.it.net = HostName of Syslog-ng server, CiscoDev01=Device
> hostName)
>
> The final syslog Server(Ciscoworks) is not treating the message is as
> from the CiscoDev01.There's no use of running script in Ciscoworks box
> to remove the entry of SYSNG.it.net. It has to be done before
> receiving the message
>
> How to avoid this at Syslog-NG level? Tried the following options, but
> no luck:
> keep_hostname(yes);
> chain_hostnames(no);
> long_hostnames(no);
>
> Please let me know the procedure not to append the hostname of the
> Syslog-NG to the message.
>
>
> Thanks in advance,
> Krishna Y
>
>
>
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
--
Bazsi
More information about the syslog-ng
mailing list