[syslog-ng] Hi Every Body - Host Name Rewrite Help!

Nasir, Meraz MNasir at INTERFAITHMEDICAL.com
Wed Jul 26 22:13:05 CEST 2006 

Hi
I don't create any local file to capture logs, everything piped to mysql
database so that I can query it using php-syslog-ng.


#####################################
options 
{
        group(logs);
        dir_group(logs);

        perm(0640);
        dir_perm(0750);
        create_dirs(yes);
        use_time_recvd(yes);      
                                  

        sync(0);                  

        use_fqdn(no);             
        stats (7200);             
        log_fifo_size(4096);      
        keep_hostname(yes);       
        chain_hostnames(no);      
        bad_hostname("gconfd");   
          
        gc_idle_threshold(500);    
        gc_busy_threshold(10000);

};
#############################################################

Issue: I maintain all the device entry on the hosts file, usually
syslog-ng rewrites hostname for the log source. For some reason it is
not able to rewrite host names for the logs that is generated from all
my APC devices.


Thanks,
Meraz
718.613.4661
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Alexander
Clouter
Sent: Wednesday, July 26, 2006 3:38 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Hi Every Body

Hi,

Sorry but this is not the greatest of support requests....

Nasir, Meraz <MNasir at INTERFAITHMEDICAL.com> [20060726 15:22:31 -0400]:
>
> Hi
> 
> Bellow is my Environment:
> 
> * Host: Linux version 2.6.9-5.ELsmp
(bhcompile at decompose.build.redhat.com) (gcc version 3.4.3 20041212 (Red
Hat 3.4.3-9.EL4)) #1 SMP Wed Jan 5 19:30:39 EST 2005
>
usually not relevant

> *	mysql  Ver 14.7 Distrib 4.1.7, for redhat-linux-gnu (i386)
> *	httpd-2.2.0
> *	php-5.1.2
>
Not syslog's fault, unless you plan on dumping all your logs to an SQL 
database, but really it could be any database in practise.

> *	syslog-ng-1.6.9.orig
> 
Useful bit.

> My Issue:
> 
> I am not able to re-write UPS's name, 
> 
to me an "UPS's" is a uninterruptable power supply....is that what you
mean.  As 
you don't put it in any context (why don't you get it to advertise a 
different name?) its hard to tell what you are doing.

Usually when confronted by a support request with no detail I ask the
four 
magic questions that seem applicable to *any* fault:

1. what is it you are actually trying to do?
2. how are you trying to go about doing it?
3. what are you expecting to happen?
4. what is actually happening?

We all need details, examples, configuration extracts, errors being
quoted.  
Whats going into syslog-ng and whats coming out?  Explain why your
"UPS's" 
are fixed with their name.

We all would love to help but, I at least, don't have the foggiest of an
idea 
in regards to what you are talking about.

What little I can extract I think what you could use is the template() 
system and strap it to some rDNS lookups cached locally with a
lightweight 
DNS server on the local machine.  Of course I need to know what it is
you are 
trying to do :(

Cheers

Alex

> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please immediately delete it and
> all copies of it from your system, destroy any hard copies of it and
> notify the sender. You must not, directly or indirectly, use,
disclose,
> distribute, print, or copy any part of this message if you are not the
> intended recipient. Interfaith Medical Center and any of its
> subsidiaries each reserve the right to monitor all e-mail
communications
> through its networks.
> This message is for the named person's use only.  It may contain
confidential, proprietary or legally privileged 
> information.  o Confidentiality is waved or lost by any
mistransmission.  If you receive this 
> message in error, please immediately delete it and all copies of it
from your system, destroy any hard copies of
> it and notify the sender.  You must not, directly or indirectly, use,
disclose, distribute, orint, or copy any 
> part of this message if you are not the intended recipient.
Interfaith Medical Center and any of its subsidiaries 
> each reserve the right to monitor all e-mail communications through
its networks.
>
does this really need to be this long?  Why can't people have
"disclaimer at 
http://example.com/legal-mumble-jumble.html"? </rant>


> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list