[syslog-ng] Stripping the original hostname /ip from the syslog message

Robert Fekete frobert at balabit.com
Wed Jun 3 10:21:40 CEST 2009 

Hi,
I am sure that there are other ways to do it, but if you are using syslog-ng 
3.0, you can use a rewrite rule to change the HOST field of the messages.
See the second example at 
http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s07.html
to create a rewrite rule, then use it in the logpath where your central server 
forwards the messages.

Regards,

Robert Fekete

Shashank Vinchurkar wrote:

> Any ideas on this? Is there any way I can use the filters to solve this
> problem?
> 
>  
> 
> -Thanks
> 
>  
> 
> ________________________________
> 
> From: syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Shashank
> Vinchurkar
> Sent: Friday, May 29, 2009 2:54 PM
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Stripping the original hostname /ip from the
> syslogmessage
> 
>  
> 
> Hi,
> 
>  
> 
> We have a setup where multiple syslog-ng servers send logs to a central
> syslog-ng server. Finally this central syslog-ng server sends the
> consolidated logs to an outside server. The outside server can be any
> server accepting standard syslog messages. The first group of servers
> are running in the internal network and don't have any hostname
> associated with them. Also the ip address is internal and does not make
> sense to outside world. My requirement is that the outside server should
> only see the ip address of the syslog-ng server which consolidates the
> messages from these syslog-ng servers. But I always see the ip address
> of the syslog-ng server which originated the message. Is there anyway to
> get rid of this? I tried playing with the keep_hostname, long_hostname,
> chain_hostname and bad_hostname options but I still see the ip address
> of the originating server.
> 
>  
> 
> Thanks in advance for the help.
> 
> -Shashank
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>

More information about the syslog-ng mailing list