[syslog-ng] how to change localhost to hostname

D'Souza, Alfred adsouza at us.nomura.com
Thu Apr 24 14:14:58 CEST 2008


We have a bunch of servers whose applications write error/debug messages
to 127.0.0.1 port 514. We want syslog-ng on each of the servers to
forward the messages to a central logging server which also forwards the
messages to zenoss running on the central logger server. The problem
with our configuration (which I have copied here) is that no matter
which server originates the message, they show up on the central server
as originating from localhost - in both zenoss and in the /var/log files.
We want them to be shown as originating from the server that produced
the messages. We can add a template on the central logger to log the
messages as coming from $FROM_HOST, but while that solves the problem
for the /var/log messages, zenoss still shows the messages as coming
from localhost. Please help, we are new to using syslog-ng. We are
using syslog-ng version 2.0.8 on Red Hat Linux.

 

-----------------server syslog-ng.conf (slightly abbreviated)

options {
    use_dns(yes);
    use_fqdn(no);
    chain_hostnames(no);
    keep_hostname(yes);
    :::
};

source java {
    udp(ip(127.0.0.1) port(514));
};

destination remote {
    udp("192.168.99.105" port(514));
};

log { source(java); destination(remote); };

 

------------------central logger config file

options {
        use_time_recvd( no );
        time_reopen(1);
        long_hostnames(off);
        sync(0);
        use_dns(yes);
        use_fqdn(no);
        chain_hostnames(no);
        keep_hostname(yes);
        create_dirs(yes);
        stats(3600);
};

source src {
        unix-stream("/dev/log");
        pipe("/proc/kmsg");
        internal();
        udp(ip(0.0.0.0) port(514));
};

destination everything {
        file("/var/log/$HOST_FROM.$MONTH$DAY$YEAR" template("$HOST_FROM $HOUR:$MIN:$SEC $MSG\n"));
};

destination zenoss {
        udp( "localhost" port(5514) );
        #udp( "localhost" port(5514) template("<$PRI>$DATE $HOST_FROM $MSG\n") );
};

log { source(src); destination(everything); };
log { source(src); destination(zenoss); };

 

 



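Added example, not part of the original post and not syslog-ng code: a simplified Python model of how the HOST field travels across the two hops described above (application -> per-server syslog-ng -> central logger), showing why the central side sees "localhost" while $HOST_FROM still names the originating server. The host name appsrv01, the sample message and the helper names are constructed, and the keep_hostname/use_dns behaviour is modelled from the options shown in the configs.

```python
import re

# BSD-syslog header: <PRI>Mmm dd hh:mm:ss [HOST] MSG. HOST is optional on the wire.
HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?:([\w.-]+) )?(.*)$", re.S)


def receive(datagram, peer_name, keep_hostname=True):
    """Model one hop. peer_name is the sender address as resolved by use_dns(yes)."""
    m = HEADER.match(datagram)
    if m is None:
        raise ValueError("not a BSD-syslog datagram")
    pri, stamp, wire_host, msg = m.groups()
    # keep_hostname(yes) keeps a host name found in the message; if the message
    # carries none (or keep_hostname is off) the resolved sender name is used.
    host = wire_host if (keep_hostname and wire_host) else peer_name
    return {"pri": pri, "stamp": stamp, "host": host,
            "host_from": peer_name, "msg": msg}


def forward(rec, host_field="host"):
    """Re-emit a record; host_field selects what is written into the HOST slot."""
    return f"<{rec['pri']}>{rec['stamp']} {rec[host_field]} {rec['msg']}"


def trace():
    # Constructed sample: an application datagram with no HOST field, sent to
    # 127.0.0.1:514 on a server whose name is assumed to be appsrv01.
    app_msg = "<131>Apr 24 14:14:58 java[4242]: connection refused"
    # Hop 1: the local syslog-ng sees the sender as 127.0.0.1 -> "localhost".
    on_server = receive(app_msg, peer_name="localhost")
    # Hop 2: the central logger receives the relayed line from appsrv01.
    on_central = receive(forward(on_server), peer_name="appsrv01")
    return on_server, on_central


if __name__ == "__main__":
    server, central = trace()
    print("relayed by server :", forward(server))
    print("central HOST      :", central["host"])
    print("central HOST_FROM :", central["host_from"])
    print("default to zenoss :", forward(central))
    print("HOST_FROM template:", forward(central, "host_from"))
```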