[syslog-ng] Syslog relay tag
infosec at gmail.com
Wed Sep 17 18:33:44 CEST 2008
On Wed, Sep 17, 2008 at 9:07 AM, Evan Rempel <erempel at uvic.ca> wrote:
> You will need to enable the keep_hostname(yes) for BOTH the relay box and the syslog server.
I woudn't say "need" to. In fact I'd recommend keep_hostname(no) and
long_hostnames(off) for the relay box, then keep_hostname(yes) and
still long_hostnames(off) for the final syslog server. It's not always
a good idea to keep the hostname as sent by the initial syslog client,
so in fact "need" is wrong IMHO.
See this URL for a reason that keeping the hostname sent by the syslog
initiators causes trouble:
More information about the syslog-ng