[syslog-ng] Stripping the original hostname /ip from the syslog message
Shashank Vinchurkar
shashank at rohati.com
Tue Jun 9 20:07:17 CEST 2009
Hi,
Thanks for the suggestion. It worked for me.
Regards,
-Shashank
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Robert Fekete
Sent: Wednesday, June 03, 2009 1:22 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Stripping the original hostname /ip from the
syslog message
Hi,
I am sure that there are other ways to do it, but if you are using
syslog-ng
3.0, you can use a rewrite rule to change the HOST field of the
messages.
See the second example at
http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s0
7.html
to create a rewrite rule, then use it in the logpath where your central
server
forwards the messages.
Regards,
Robert Fekete
Shashank Vinchurkar wrote:
> Any ideas on this? Is there any way I can use the filters to solve
this
> problem?
>
>
>
> -Thanks
>
>
>
> ________________________________
>
> From: syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Shashank
> Vinchurkar
> Sent: Friday, May 29, 2009 2:54 PM
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Stripping the original hostname /ip from the
> syslogmessage
>
>
>
> Hi,
>
>
>
> We have a setup where multiple syslog-ng servers send logs to a
central
> syslog-ng server. Finally this central syslog-ng server sends the
> consolidated logs to an outside server. The outside server can be any
> server accepting standard syslog messages. The first group of servers
> are running in the internal network and don't have any hostname
> associated with them. Also the ip address is internal and does not
make
> sense to outside world. My requirement is that the outside server
should
> only see the ip address of the syslog-ng server which consolidates the
> messages from these syslog-ng servers. But I always see the ip address
> of the syslog-ng server which originated the message. Is there anyway
to
> get rid of this? I tried playing with the keep_hostname,
long_hostname,
> chain_hostname and bad_hostname options but I still see the ip address
> of the originating server.
>
>
>
> Thanks in advance for the help.
>
> -Shashank
>
>
>
>
>
------------------------------------------------------------------------
>
>
________________________________________________________________________
______
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
________________________________________________________________________
______
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list