[syslog-ng] HOST macro using relay

Jason Barrett knotam at knotam.com
Tue Nov 3 16:48:49 CET 2009


Hi all,

I'm relaying log messages from one syslog-ng server to another.  At the
final stop, the only way I can get the $HOST macro to work is if I
enable DNS resolution on server 1 (I'd like to avoid this).  Is this by
design?  Here are the relevant configs:

----------------------------------------------------------------------

syslog-ng server 1 (relays to server 2):
chain_hostnames(yes);
keep_hostname(yes);
use_dns(no);

source s_udp { udp(port(514)); };
destination df_udpback { udp("192.168.1.157" port(514)); };
log { source(s_udp); destination(df_udpback); };

----------------------------------------------------------------------

syslog-ng server 2:
chain_hostnames(yes);
keep_hostname(yes);
use_dns(yes);

source s_udp { udp(port(514)); };
destination df_udp { file("/var/log/ics/$HOST/$YEAR/$MONTH/$DAY"); };
log { source(s_udp); destination(df_udp); };

----------------------------------------------------------------------

Sample log message on server 2:
Oct 30 09:35:03 10.12.24.46/10.12.24.46 %ASA-5-111005: 10.28.22.55 end configuration: OK

10.12.24.46 is the correct IP address of the originating host, and $HOST 
resolves to this IP address.  I would prefer $HOST to resolve to the 
hostname as it exists in the /etc/hosts file.

Thanks!


