[syslog-ng] Insert hostname instead of overwrite ?

stucky stucky101 at gmail.com
Fri Sep 3 00:39:51 CEST 2010 

That's exactly the problem. I cannot keep a hostname that was never written
in the first place.
The DELL server administrator doesn't send it. As per my email below it
sends this :

Aug 16 21:47:22 Server Administrator: Storage Service EventID: 2242> The
Patrol Read has started.:  Controller 0 (PERC 5/i Integrated)

So If I do a "keep_hostname" syslog-ng assumes that the server is called
"Server" which is of course wrong.

On Thu, Sep 2, 2010 at 8:21 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:

> On Tue, 2010-08-17 at 18:26 -0700, stucky wrote:
> > Guys
> >
> > I'm trying to log to a loadbalanced VIP. It seems to work ok except
> > that the loadbalancer uses SNAT so I loose my source IP.
> > This means I cannot use dns or even the source ip to get the source
> > host as all logs appear to come from the same source (the
> > loadbalancer).
> > This means I have no choice but to rely on the hostname field which
> > works about 98% of the time but some stuff like Dell OpenManage skips
> > the hostname field.
> > So I'd get logs like this on host "cage" f.e.
> >
> > Aug 16 21:47:22 Server Administrator: Storage Service EventID: 2242
> > The Patrol Read has started.:  Controller 0 (PERC 5/i Integrated)
> >
> > I fixed that by telling the syslog-ng client to force itself to figure
> > out a proper hostname and now the log looks like this
> >
> > Aug 17 13:51:10 cage Administrator[]: Instrumentation Service EventID:
> > 1000  Server Administrator starting
> >
> > I thought syslog-ng inserts the hostname but by the looks of it it
> > simply replaces whatever is in the expected field with the hostname it
> > has just figured out.
> > As you can see it overwrote the entry "Server".
> > No biggie in the above case but what if this field contained valuable
> > information ? I'd loose that.
> > Any way to squeeze in the hostname so to speak ?
>
> what about keep_hostname(yes) ?
>
>
> --
> Bazsi
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>


-- 
stucky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100902/2d9865d4/attachment.htm

More information about the syslog-ng mailing list