[syslog-ng] Inability to filter/log hostnames

Balazs Scheidler bazsi at balabit.hu
Mon Aug 1 20:17:40 CEST 2011


On Wed, 2011-07-20 at 12:39 -0400, Norman Elton wrote:
> I'm running syslog-ng 3.2.4 from RedHat's RPM. Unfortunately, I can't
> seem to log the hostname as specified in the incoming UDP packet. We
> don't do DNS resolution; rather, just want to log what the sending
> host is passing along. No relays in the mix, but we have
> keep_hostname() enabled. My global options:
> 
>         flush_lines(10);
>         flush_timeout(750);
>         time_reopen (10);
>         log_fifo_size (1000);
>         keep_hostname (yes);
> 
> When I log $HOSTNAME or $HOST, I just get the sender's IP address.
> Similarly, filters based on these macros don't work properly. This all
> seemed to work on prior versions of syslog-ng (2.something).

Sorry for the long delay, summer holidays and such. The issue you are
seeing seems to indicate that syslog-ng failed to recognize the hostname
in the packet for some reason. Can you please produce a dump of the
incoming frame as it was received on the network?

The UDP payload should be ok.

-- 
Bazsi
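
Added example, not part of the original message and not syslog-ng's own parser: a small check of whether a captured UDP payload carries the RFC 3164 TIMESTAMP and HOSTNAME fields at all, which is the first thing to look for in the requested dump. The sample payloads, host name and function name are constructed for illustration.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
HEADER = re.compile(
    rb"^<(?P<pri>\d{1,3})>"
    rb"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    rb"(?P<host>\S+) ",
)
PRI_ONLY = re.compile(rb"^<(\d{1,3})>")


def inspect_payload(payload: bytes) -> dict:
    """Report which RFC 3164 header fields a raw UDP payload carries."""
    m = HEADER.match(payload)
    if m is None:
        # No timestamp after <PRI>: the sender put no header in the packet,
        # so a receiver can only fall back to the packet's source address.
        pri = PRI_ONLY.match(payload)
        return {"pri": int(pri.group(1)) if pri else None,
                "timestamp": None, "hostname": None}
    result = {"pri": int(m.group("pri")),
              "timestamp": m.group("ts").decode("ascii"),
              "hostname": m.group("host").decode("ascii", "replace")}
    # A token ending in ':' right after the timestamp is the TAG, meaning
    # HOSTNAME was skipped. (A TAG without ':' cannot be told apart from a
    # host name; that ambiguity is inherent in the format.)
    if result["hostname"].endswith(":"):
        result["hostname"] = None
    return result


# Constructed sample payloads, not taken from the thread.
SAMPLES = [
    b"<13>Jul 20 12:39:00 web01 sshd[4242]: session opened",  # full header
    b"<13>Jul 20 12:39:00 sshd[4242]: session opened",        # no HOSTNAME
    b"<13>sshd[4242]: session opened",                        # no header
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, "->", inspect_payload(raw))
```
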



