[syslog-ng] Inability to filter/log hostnames
Balazs Scheidler
bazsi at balabit.hu
Mon Aug 1 20:17:40 CEST 2011
On Wed, 2011-07-20 at 12:39 -0400, Norman Elton wrote:
> I'm running syslog-ng 3.2.4 from RedHat's RPM. Unfortunately, I can't
> seem to log the hostname as specified in the incoming UDP packet. We
> don't do DNS resolution; rather, just want to log what the sending
> host is passing along. No relays in the mix, but we have
> keep_hostname() enabled. My global options:
>
> flush_lines(10);
> flush_timeout(750);
> time_reopen (10);
> log_fifo_size (1000);
> keep_hostname (yes);
>
> When I log $HOSTNAME or $HOST, I just get the sender's IP address.
> Similarly, filters based on these macros don't work properly. This all
> seemed to work on prior versions of syslog-ng (2.something).
Sorry for the long delay, summer holidays and such. The issue you are
seeing seems to indicate that syslog-ng failed to recognize the hostname
in the packet for some reason. Can you please produce a dump of the
incoming frame as it was received on the network?
The UDP payload should be ok.
--
Bazsi
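
An added example, not part of the original message and not syslog-ng's own parser: a small Python check that reads a captured UDP payload against the RFC 3164 layout (`<PRI>TIMESTAMP HOSTNAME TAG: MSG`) and reports whether the sender put a HOSTNAME field in it at all. The function name, the tag heuristic and the sample payloads are assumptions constructed for illustration.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
PRI_RE = re.compile(r"^<(\d{1,3})>")
TS_RE = re.compile(
    r"^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d \d{2}:\d{2}:\d{2} "
)


def inspect_payload(payload: bytes) -> dict:
    """Report which RFC 3164 header fields a UDP syslog payload carries."""
    text = payload.decode("utf-8", errors="replace")
    result = {"pri": None, "timestamp": None, "hostname": None, "rest": text}

    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return result
    result["pri"] = int(m.group(1))
    text = text[m.end():]
    result["rest"] = text

    m = TS_RE.match(text)
    if not m:
        return result  # no timestamp, so no positional HOSTNAME field either
    result["timestamp"] = m.group(0).rstrip()
    text = text[m.end():]

    token, sep, remainder = text.partition(" ")
    # Heuristic (assumption): a token ending in ':' or carrying '[pid]' is the
    # TAG, which means the sender skipped the HOSTNAME field.
    if sep and not token.endswith(":") and "[" not in token:
        result["hostname"] = token
        text = remainder
    result["rest"] = text
    return result


if __name__ == "__main__":
    # Constructed sample payloads, not taken from the thread.
    samples = [
        b"<13>Aug  1 20:17:40 web01 sshd[4242]: Accepted publickey for alice",
        b"<13>Aug  1 20:17:40 sshd[4242]: Accepted publickey for alice",
        b"<13>sshd[4242]: Accepted publickey for alice",
    ]
    for s in samples:
        print(inspect_payload(s))
```

A payload where `hostname` comes back as `None` carries no hostname for a receiver to keep, whatever its configuration.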