[syslog-ng] Stripping the original hostname /ip from the syslog message

Shashank Vinchurkar shashank at rohati.com
Wed Jun 3 00:27:25 CEST 2009


Any ideas on this? Is there any way I can use the filters to solve this
problem?

-Thanks

________________________________

From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Shashank
Vinchurkar
Sent: Friday, May 29, 2009 2:54 PM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Stripping the original hostname /ip from the
syslog message

Hi,

We have a setup where multiple syslog-ng servers send logs to a central
syslog-ng server. Finally this central syslog-ng server sends the
consolidated logs to an outside server. The outside server can be any
server accepting standard syslog messages. The first group of servers
are running in the internal network and don't have any hostname
associated with them. Also the ip address is internal and does not make
sense to the outside world. My requirement is that the outside server should
only see the ip address of the syslog-ng server which consolidates the
messages from these syslog-ng servers. But I always see the ip address
of the syslog-ng server which originated the message. Is there any way to
get rid of this? I tried playing with the keep_hostname, long_hostname,
chain_hostname and bad_hostname options but I still see the ip address
of the originating server.

Thanks in advance for the help.

-Shashank
