[syslog-ng] Insert hostname instead of overwrite ?
stucky
stucky101 at gmail.com
Wed Aug 18 03:26:34 CEST 2010
Guys
I'm trying to log to a loadbalanced VIP. It seems to work ok except that the
loadbalancer uses SNAT so I loose my source IP.
This means I cannot use dns or even the source ip to get the source host as
all logs appear to come from the same source (the loadbalancer).
This means I have no choice but to rely on the hostname field which works
about 98% of the time but some stuff like Dell OpenManage skips the hostname
field.
So I'd get logs like this on host "cage" f.e.
Aug 16 21:47:22 Server Administrator: Storage Service EventID: 2242 The
Patrol Read has started.: Controller 0 (PERC 5/i Integrated)
I fixed that by telling the syslog-ng client to force itself to figure out a
proper hostname and now the log looks like this
Aug 17 13:51:10 cage Administrator[]: Instrumentation Service EventID: 1000
Server Administrator starting
I thought syslog-ng inserts the hostname but by the looks of it it simply
replaces whatever is in the expected field with the hostname it has just
figured out.
As you can see it overwrote the entry "Server".
No biggie in the above case but what if this field contained valuable
information ? I'd loose that.
Any way to squeeze in the hostname so to speak ?
--
stucky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100817/46fd56c1/attachment.htm
More information about the syslog-ng
mailing list