[syslog-ng] syslog-ng client machine IP address in message header
Balazs Scheidler
bazsi at balabit.hu
Tue Sep 29 15:34:39 CEST 2009
On Tue, 2009-09-29 at 15:11 +0530, Jain, Vaibhav (GE Healthcare) wrote:
> Hi,
>
> I am using syslog-ng open source (syslog-ng-3.0.3-1.rhel5.amd64) for
> log collection. I want to pass the syslog-ng machine ip address in the
> message header. in the current configuration I am getting following
> header in the log message -->
>
> Sep 29 00:24:20 INBLRECIS2871 ''
>
> In the above message "INBLRECIS2871" is the syslog-ng machine name
> but I want the IP address in place of machine name. let me know how to
> achieve this ?
>
>
>
> Current configurastion -->
> 1) syslog-ng client config :->
>
> options {
> mark_freq(30);
> log_msg_size(65530);
> }
>
> destination d_messages {
> syslog("3.2.20.26" transport("tcp") port(601)
> template("$HOST $MSGHDR$MSG ::::$FILE_NAME"));
> }
>
>
> 2) syslog-ng server config->
>
> options {
> time_reap(30);
> mark_freq(10);
> log_msg_size(65530);
> }
>
Well, you can control the name resolution behaviour with:
keep_hostname(yes or no) and use_dns(yes or no)
If you use keep_hostname(no) and use_dns(no), you'll make syslog-ng to
always replace the HOST field of the message with the IP address of the
sender host.
If you have multiple hops (e.g. relays), you might want to use the
settings above only on the first hop, and then keep_hostname(yes) on the
central syslog server, because otherwise you'd always see the relay ip
address.
--
Bazsi
More information about the syslog-ng
mailing list