[syslog-ng] Stripping the original hostname /ip from the syslog message

Balazs Scheidler bazsi at balabit.hu
Wed Jun 3 11:09:47 CEST 2009


On Fri, 2009-05-29 at 14:54 -0700, Shashank Vinchurkar wrote:
> Hi,
>
> We have a setup where multiple syslog-ng servers send logs to a
> central syslog-ng server. Finally this central syslog-ng server sends
> the consolidated logs to an outside server. The outside server can be
> any server accepting standard syslog messages. The first group of
> servers are running in the internal network and don’t have any
> hostname associated with them. Also the IP address is internal and
> does not make sense to outside world. My requirement is that the
> outside server should only see the IP address of the syslog-ng server
> which consolidates the messages from these syslog-ng servers. But I
> always see the IP address of the syslog-ng server which originated the
> message. Is there any way to get rid of this? I tried playing with the
> keep_hostname, long_hostname, chain_hostname and bad_hostname options
> but I still see the IP address of the originating server.
> 

syslog-ng tries hard to keep that information, so that's the default
behaviour. If you turn off keep_hostname(), syslog-ng will try to resolve
the IP address of the host sending the message.

If you want to change it, you need to use the rewrite feature that
Robert has suggested.

-- 
Bazsi
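
An added example, not part of the original message and not the configuration Robert posted: one way to use a syslog-ng 3.x rewrite rule on the central server so that every relayed message carries a fixed HOST value instead of the internal sender's address. The names s_internal, r_mask_host and d_outside, the string "central-relay" and the address 192.0.2.10 are assumptions chosen for illustration.

```conf
@version: 3.0

options {
    # Do not prepend relay names to the HOST field.
    chain_hostnames(no);
};

# Messages arriving from the internal syslog-ng servers.
source s_internal {
    udp(ip(0.0.0.0) port(514));
};

# Overwrite the HOST macro. The default network output format includes
# $HOST, so this is the value the outside server will see as the origin.
rewrite r_mask_host {
    set("central-relay", value("HOST"));   # placeholder name (assumption)
};

# The outside syslog receiver (documentation address, assumption).
destination d_outside {
    udp("192.0.2.10" port(514));
};

log {
    source(s_internal);
    rewrite(r_mask_host);     # applied before the message is forwarded
    destination(d_outside);
};
```

The rule changes only the HOST header field; internal addresses that appear inside the message text itself are forwarded unchanged.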



