[syslog-ng] Syslog IP information is incorrect

Nate Campi nate at campin.net
Thu Sep 28 19:16:05 CEST 2006

On Thu, Sep 28, 2006 at 01:05:39PM -0400, Tom Valdes wrote:
> I have some machines behind a firewall VLAN of sending logs to a
> Linux Syslog server on the network.
> The 2 machines are and and the Syslog server is
> They are Windows and I am using the Eventlog to Syslog utility from Purdue
> University (
> https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys) to
> convert the Windows event logs to Syslog.
> Syslog is getting the information, however, any information from the 2
> machines is coming in as
> -------
> Sep 28 11:37:54 Service Control ....... <---- This machine is
> actually
> -------
> Is there a way to get Syslog to read the correct IP information? Or does
> Syslog simply not pass correct host information through a router?

This evtsys might leave out the hostname information, like Linux
sysklogd or Solaris syslogd. This behavior is documented here:


If evtsys is in fact sending the hostname, use

options { keep_hostname(yes); };

...as described for a similar problem here where the source IP for the
UDP/TCP packets is different from the original syslog client source:



"We are discreet sheep; we wait to see how the drove is going, and then 
go with the drove." - Samuel Clemens
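
The effect of keep_hostname() on messages that arrive through a NAT or relay address, as an added example that is not part of the original post and is not syslog-ng's own parser. It is a simplified model of RFC 3164 header handling; the address 192.0.2.1, the host name winbox1 and both sample datagrams are constructed.

```python
import re

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss [HOSTNAME] TAG: message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)
# Conservative hostname shape: letters, digits, dots, hyphens (covers IPv4).
HOSTNAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")


def header_hostname(datagram: bytes):
    """Return (hostname or None, remainder) for one syslog datagram."""
    text = datagram.decode("utf-8", errors="replace")
    m = HEADER.match(text)
    if not m:
        return None, text  # no parsable header at all
    first, _, remainder = m.group("rest").partition(" ")
    # A first token such as "sshd[411]:" or "kernel:" is a program tag,
    # which means the sender left the hostname out of the header.
    if first.endswith(":") or "[" in first or not HOSTNAME.match(first):
        return None, m.group("rest")
    return first, remainder


def attribute_host(datagram: bytes, peer_ip: str, keep_hostname: bool) -> str:
    """Name the receiver logs this message under (simplified model)."""
    host, _ = header_hostname(datagram)
    if keep_hostname and host:
        return host   # keep_hostname(yes): trust the name in the header
    return peer_ip    # otherwise: the address the packet arrived from


# Constructed samples: senders that all appear as one NAT address.
NAT_IP = "192.0.2.1"
WITH_HOST = b"<30>Sep 28 11:37:54 winbox1 Service Control Manager: service started"
NO_HOST = b"<30>Sep 28 11:37:54 sshd[411]: session opened"

if __name__ == "__main__":
    for pkt in (WITH_HOST, NO_HOST):
        for keep in (False, True):
            print(f"keep_hostname={keep}: {attribute_host(pkt, NAT_IP, keep)}")
```

With keep_hostname off, both samples are logged under the NAT address; with it on, only the message that actually carries a hostname is attributed to its original sender.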
