[syslog-ng] RE: Removal of forwarder hostname ??

Mon Jan 23 22:00:26 CET 2006

Hi Mike,

Thanks for ur reply. It's working now with the option spoof_source
It requires libnet also to use this option while compilation.
Installed libnet and used the following:
./configure --with-libnet=path_of_libnet-conf --enable-spoof-source

Thanks for ur help,
Krishna Y

On Mon, 23 Jan 2006 Michael Gehrmann wrote :
>Hi,
>
>What you are looking for is a compiled option: --enable-spoof-source
>
>You can then enable it in your syslog-ng.conf using the option per destination e.g. destination syslogbox { udp("X.X.X.X" port(514) spoof_source(yes)); };
>
>Regards
>Mike
>
>Message: 1
>Date: 21 Jan 2006 14:36:50 -0000
> From: "krishna  y" <krish_bvrm at rediffmail.com>
>Subject: [syslog-ng] Removal of forwarder hostname ??
>To: syslog-ng at lists.balabit.hu
>Message-ID: <20060121143650.19410.qmail at webmail8.rediffmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>
>Hi,
>
>I have configured the Syslog-ng in HPUX and forwarding the messages to Ciscoworks The original message to Syslog-NG is as following:
>
>Jan 20 12:44:32 SYSNG.it.net CiscoDev01 7366: Jan 20 12:44:31.526 GMT: %SYS-5-CONFIG_I: Configured from 192.168.100.10 by snmp
>
>While forwarding to other syslog server, Syslog-NG is adding it's own host name to the message and sending as below:
>
>Jan 20 12:44:32 SYSNG.it.net CiscoDev01 7366: Jan 20 12:44:31.526 GMT: %SYS-5-CONFIG_I: Configured from 192.168.100.10 by snmp
>
>(Note:SYSNG.it.net = HostName of Syslog-ng server, CiscoDev01=Device hostName)
>
>The final syslog Server(Ciscoworks) is not treating the message is as from the CiscoDev01.There's no use of running script in Ciscoworks box to remove the entry of SYSNG.it.net. It has to be done before receiving the message
>
>How to avoid this at Syslog-NG level? Tried the following options, but no luck: keep_hostname(yes); chain_hostnames(no); long_hostnames(no);
>
>Please let me know the procedure not to append the hostname of the Syslog-NG to the message.
>
>
>Thanks in advance,
>Krishna Y
>
>--------------------------------------------------------
>
>This email and associated attachments may contain confidential and privileged CITEC information that is provided solely for the use of the intended addressee. Views and opinions expressed in this email are those of the individual sender and are not necessarily the views and opinions of CITEC unless the sender expressly states that such views and opinions are those of CITEC. The privilege and confidentiality associated with this email and attachments will not be waived, lost or rescinded by reason of mistaken delivery. Should you receive this email by mistake, please notify the sender by return email then delete the email from your computer system. You must not use, copy, modify, print, or distribute the email or the information and attachments contained within same to any third party. CITEC does not accept any liability in respect of viruses or computer problems experienced by the recipient through access gained to this email and its attachments.
>--------------------------------------------------------
>
>________________________________________________________________________
>This email has been scanned for viruses by the CITEC Email Anti-Virus service powered by MessageLabs. For more information on a proactive email anti-virus service working around the clock, around the globe, visit www.citec.com.au
>________________________________________________________________________
>_______________________________________________
>syslog-ng maillist  -  syslog-ng at lists.balabit.hu
>https://lists.balabit.hu/mailman/listinfo/syslog-ng
>Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060123/25098c37/attachment.html