[syslog-ng] Stripping the original hostname /ip from the syslog message

Shashank Vinchurkar shashank at rohati.com
Tue Jun 9 20:07:17 CEST 2009


Hi,

Thanks for the suggestion. It worked for me.

Regards,
-Shashank

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Robert Fekete
Sent: Wednesday, June 03, 2009 1:22 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Stripping the original hostname /ip from the
syslog message

Hi,
I am sure that there are other ways to do it, but if you are using
syslog-ng 3.0, you can use a rewrite rule to change the HOST field of the
messages.
See the second example at
http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s07.html
to create a rewrite rule, then use it in the logpath where your central
server forwards the messages.

Regards,

Robert Fekete

Shashank Vinchurkar wrote:

> Any ideas on this? Is there any way I can use the filters to solve this
> problem?
> 
>  
> 
> -Thanks
> 
>  
> 
> ________________________________
> 
> From: syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Shashank
> Vinchurkar
> Sent: Friday, May 29, 2009 2:54 PM
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Stripping the original hostname /ip from the
> syslogmessage
> 
>  
> 
> Hi,
> 
>  
> 
> We have a setup where multiple syslog-ng servers send logs to a central
> syslog-ng server. Finally this central syslog-ng server sends the
> consolidated logs to an outside server. The outside server can be any
> server accepting standard syslog messages. The first group of servers
> are running in the internal network and don't have any hostname
> associated with them. Also the ip address is internal and does not make
> sense to outside world. My requirement is that the outside server should
> only see the ip address of the syslog-ng server which consolidates the
> messages from these syslog-ng servers. But I always see the ip address
> of the syslog-ng server which originated the message. Is there any way to
> get rid of this? I tried playing with the keep_hostname, long_hostname,
> chain_hostname and bad_hostname options but I still see the ip address
> of the originating server.
> 
>  
> 
> Thanks in advance for the help.
> 
> -Shashank
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
> 
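
The rewrite approach described in Robert Fekete's reply, sketched as a syslog-ng 3.0 configuration for the central server. This is an added example, not part of the original thread or of the syslog-ng documentation; the object names, the listening port, and the addresses 203.0.113.5 (central server) and 192.0.2.10 (outside server) are placeholders.

```conf
@version: 3.0

# Added example (not from the thread). All names and addresses below are
# placeholders: s_internal, r_mask_host, d_outside, 203.0.113.5, 192.0.2.10.

# Messages arriving from the internal syslog-ng servers.
source s_internal {
    udp(ip(0.0.0.0) port(514));
};

# Overwrite the HOST field so that the forwarded message no longer carries
# the internal sender's address. The replacement value is the address the
# outside server should see (here: the central server, placeholder value).
rewrite r_mask_host {
    set("203.0.113.5", value("HOST"));
};

# The outside server that accepts standard syslog messages.
destination d_outside {
    udp("192.0.2.10" port(514));
};

# Order matters: the rewrite has to sit before the destination in the
# log path that forwards to the outside server.
log {
    source(s_internal);
    rewrite(r_mask_host);
    destination(d_outside);
};
```

To confirm that no internal address leaves the network, capture one forwarded packet on the central server's outbound interface and check the HOST field of the syslog header.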
