[syslog-ng] Syslog IP information is incorrect

Tom Valdes tom.valdes at gmail.com
Thu Sep 28 19:51:56 CEST 2006


It looks like evtsys is not including the host name.  I had already tried
the "options { keep_hostname(yes); };" option without any luck.

I also tried another program "ntsyslog" which gives more options (like which
events to forward), but it also doesn't include the hostname.

Do you know of any programs which may do what I need?  If not, I'll create a
separate thread looking for something.

thanks,
tom

On 9/28/06, Nate Campi <nate at campin.net> wrote:
>
> On Thu, Sep 28, 2006 at 01:05:39PM -0400, Tom Valdes wrote:
> > I have some machines behind a firewall VLAN of 10.0.240.0 sending logs to a
> > Linux Syslog server on the 10.0.230.0 network.
> > The 2 machines are 10.0.240.71 and 10.0.240.72 and the Syslog server is
> > 10.0.230.222.
> > They are Windows and I am using the Eventlog to Syslog utility from Purdue
> > University (https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys) to
> > convert the Windows event logs to Syslog.
> >
> > Syslog is getting the information, however, any information from the 2
> > machines is coming in as 10.0.230.1.
> > -------
> > Sep 28 11:37:54 10.0.230.1 Service Control ....... <---- This machine is actually 10.0.240.71
> > -------
> > Is there a way to get Syslog to read the correct IP information?  or does
> > Syslog simply not pass correct host information through a router?
>
> This evtsys might leave out the hostname information, like Linux
> sysklogd or Solaris syslogd. This behavior is documented here:
>
> http://www.campin.net/syslog-ng/syslog.html
>
> If evtsys is in fact sending the hostname, use
>
> options { keep_hostname(yes); };
>
> ...as described for a similar problem here where the source IP for the
> UDP/TCP packets is different from the original syslog client source:
>
> http://www.campin.net/syslog-ng/faq.html#stunnel
>
> --
> Nate
>
> "We are discreet sheep; we wait to see how the drove is going, and then
> go with the drove." - Samuel Clemens
>
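
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not syslog-ng or evtsys code: a simplified Python model of which host a receiver records for a BSD-syslog datagram, with and without a HOSTNAME field and with keep_hostname on or off. The function names, the hostname heuristic and the sample datagrams are assumptions made for illustration.

```python
import re

# BSD-syslog (RFC 3164 style) layout: <PRI>Mmm dd hh:mm:ss [HOSTNAME] TAG: text
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (.*)$", re.S)

def embedded_hostname(datagram):
    """Return the HOSTNAME field of a datagram, or None if the sender left it out.

    Simplifying assumption: the first token after the timestamp is a hostname
    unless it looks like a program tag (ends in ':' or carries a '[pid]').
    """
    m = HEADER.match(datagram)
    if not m:
        return None
    token, _, remainder = m.group(1).partition(" ")
    if not remainder or token.endswith(":") or "[" in token:
        return None
    return token

def logged_host(datagram, peer_ip, keep_hostname):
    """Model of the host a receiver records, and where that value came from."""
    host = embedded_hostname(datagram)
    if keep_hostname and host:
        return host, "message"
    # Without a usable HOSTNAME field the receiver only has the packet's source
    # address, which is the router/NAT address when the sender is behind one.
    return peer_ip, "peer"

# Constructed sample datagrams; 10.0.230.1 is the address the thread's server saw.
PEER = "10.0.230.1"
WITH_HOST = "<14>Sep 28 11:37:54 10.0.240.71 EventLog: service started"
WITHOUT_HOST = "<14>Sep 28 11:37:54 EventLog: service started"

if __name__ == "__main__":
    for label, dgram in (("with hostname", WITH_HOST), ("no hostname", WITHOUT_HOST)):
        for keep in (False, True):
            print(label, "keep_hostname=%s" % keep, logged_host(dgram, PEER, keep))
```

Only the combination of a sender that writes the HOSTNAME field and a receiver that keeps it yields the original client address; every other case falls back to the packet's source address.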