[syslog-ng] Stripping the original hostname /ip from the syslog message

Shashank Vinchurkar shashank at rohati.com
Fri May 29 23:54:08 CEST 2009



We have a setup where multiple syslog-ng servers send logs to a central
syslog-ng server. Finally this central syslog-ng server sends the
consolidated logs to an outside server. The outside server can be any
server accepting standard syslog messages. The first group of servers
are running in the internal network and don't have any hostname
associated with them. Also the ip address is internal and does not make
sense to outside world. My requirement is that the outside server should
only see the ip address of the syslog-ng server which consolidates the
messages from these syslog-ng servers. But I always see the ip address
of the syslog-ng server which originated the message. Is there anyway to
get rid of this? I tried playing with the keep_hostname, long_hostname,
chain_hostname and bad_hostname options but I still see the ip address
of the originating server.


Thanks in advance for the help.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090529/941e1060/attachment.htm 

More information about the syslog-ng mailing list